Analysis Report https://www.voicemod.net/downloadVoicemod.php

Overview

General Information

Sample URL: https://www.voicemod.net/downloadVoicemod.php
Analysis ID: 373949

Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Yara signature match


Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Startup

  • System is w10x64
  • cmd.exe (PID: 4116 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 1528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 3544 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • VoicemodSetup_2.8.0.4.exe (PID: 4876 cmdline: 'C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe' MD5: 8199D89BD279D96152F4ABAC8655F0FF)
    • VoicemodSetup_2.8.0.4.tmp (PID: 3096 cmdline: 'C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp' /SL5='$50230,66830058,819200,C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe' MD5: E34D411292EEAD40863949B1E6A88A7D)
      • curl.exe (PID: 4580 cmdline: 'C:\Windows\system32\curl.exe' -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=d06ed635-68f6-4e9a-955c-4899f5f57b9a -o C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\deviceId.txt MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
        • conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 204 cmdline: 'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_unins000.exe.txt MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • tasklist.exe (PID: 1752 cmdline: tasklist MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
      • cmd.exe (PID: 4244 cmdline: 'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 4260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • tasklist.exe (PID: 5228 cmdline: tasklist MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
      • SaveDefaultDevices.exe (PID: 5604 cmdline: 'C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe' defaultdevices.txt MD5: CE0E059D4365C22F6F8CC1CE04FF5418)
        • conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5764 cmdline: 'C:\Windows\system32\cmd.exe' /C ''C:\Program Files\Voicemod Desktop\driver\setupDrv.bat'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • net.exe (PID: 5044 cmdline: net stop audiosrv /y MD5: 15534275EDAABC58159DD0F8607A71E5)
          • net1.exe (PID: 5152 cmdline: C:\Windows\system32\net1 stop audiosrv /y MD5: AF569DE92AB6C1B9C681AF1E799F9983)
        • net.exe (PID: 5364 cmdline: net stop AudioEndpointBuilder /y MD5: 15534275EDAABC58159DD0F8607A71E5)
  • svchost.exe (PID: 6116 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 460 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1708 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5632 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3396 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5872 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 3864 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 2420 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 484 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 1844 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Program Files\Voicemod Desktop\is-03V3U.tmp | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp
  • 0x10e55:$name: ConfuserEx
  • 0xf43b:$compile: AssemblyTitle
C:\Program Files\Voicemod Desktop\is-O72HK.tmp | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp
  • 0x10e55:$name: ConfuserEx
  • 0xf43b:$compile: AssemblyTitle
C:\Program Files\Voicemod Desktop\is-UKQ25.tmp | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp
  • 0x237c57:$name: ConfuserEx
  • 0x20297d:$compile: AssemblyTitle
C:\Program Files\Voicemod Desktop\is-RU7LS.tmp | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp
  • 0x13149:$name: ConfuserEx
  • 0x36b6:$compile: AssemblyTitle
C:\Program Files\Voicemod Desktop\is-0FCKT.tmp | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp
  • 0x13149:$name: ConfuserEx
  • 0x36b6:$compile: AssemblyTitle

Sigma Overview

System Summary:

Sigma detected: Net.exe Execution
Source: Process started; Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements); Data: Command: net stop audiosrv /y, CommandLine: net stop audiosrv /y, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: 'C:\Windows\system32\cmd.exe' /C ''C:\Program Files\Voicemod Desktop\driver\setupDrv.bat'', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5764, ProcessCommandLine: net stop audiosrv /y, ProcessId: 5044

Signature Overview

Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\Resources
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\driver
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\es
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\zh
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\ru
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\de
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\fr
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\ko
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\pt
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\x64
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Directory created: C:\Program Files\Voicemod Desktop\locales
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-4M5DM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-R4DPQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-R7MKQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-CA5IV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-2G5U2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-3ARQP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-ECM4I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-J61OM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-E1CDJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-7GS7E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-6PNUQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-9DA2V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-0AI41.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-1Q56H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-G035B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-DFPQJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-1RND3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-4QGIR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-7LGTS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-EO6S9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-TV1OH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-QCHR3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-D5QI5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-937OP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-JCPQ4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-KLC22.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-D57G0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-CRPKS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\locales\is-1O99J.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-F57UF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-SJR92.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-KC69A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-R5P2N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-559R3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\is-V23J6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\44100Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\44100\is-GKA2Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000\is-9PF58.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\NAudioJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\NAudio\is-B27ML.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-R6681.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-UKQ25.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-0FCKT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-03V3U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-9IF5E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmpDirectory created: C:\Program Files\Voicemod Desktop\is-UV9S2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\unins000.msg
Source: C:\Windows\System32\cmd.exe | Directory created: C:\Program Files\Voicemod Desktop\driver\uninstalldriver.log
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | File created: C:\Users\user\AppData\Local\Temp\Setup Log 2021-03-23 #001.txt
Source: C:\Windows\System32\cmd.exe | File created: C:\Program Files\Voicemod Desktop\driver\uninstalldriver.log
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_0040B268 FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_0040AC9C GetModuleHandleW, GetProcAddress, FindFirstFileW, FindClose, lstrlenW, lstrlenW
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_0040CBFC FindFirstFileW, FindClose
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_005EAC28 FindFirstFileW, GetLastError
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_006432DC FindFirstFileW, SetFileAttributesW, FindNextFileW, FindClose
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_0040C630 GetModuleHandleW, GetProcAddress, FindFirstFileW, FindClose, lstrlenW, lstrlenW
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpString found in binary or memory: https://aka.ms/vs/16/release/VC_redist.x86.exe
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: is-TFQOM.tmp.8.dr, is-JCPQ4.tmp.8.dr, is-4AFKH.tmp.8.dr, is-BI396.tmp.8.drString found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: is-BI396.tmp.8.drString found in binary or memory: https://chrome.google.com/webstore?hl=bg
Source: is-4AFKH.tmp.8.drString found in binary or memory: https://chrome.google.com/webstore?hl=el
Source: is-TFQOM.tmp.8.drString found in binary or memory: https://chrome.google.com/webstore?hl=hi
Source: is-JCPQ4.tmp.8.drString found in binary or memory: https://chrome.google.com/webstore?hl=trK
Source: svchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://discord.gg/voicemodevm.$store.dispatch(
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpString found in binary or memory: https://download.voicemod.net/b2c/netframeworks/NetFramework472.exe
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://download.voicemod.net/static/icons-rebrand/
Source: svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000C.00000003.290726622.000002961CA32000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: is-2G6RS.tmp.8.drString found in binary or memory: https://github.com/aspnet/Hosting/tree/0724e6cde1149ee1a19bfec9c13a2c9327b71213
Source: is-QQLHQ.tmp.8.drString found in binary or memory: https://github.com/aspnet/HttpAbstractions/tree/91db78cf926939821bc96e8e60616cf5dde0b489
Source: is-6TH30.tmp.8.drString found in binary or memory: https://github.com/dotnet/corefx/tree/02b11eeee1fbc5f3ef43a1452fe07efd25fa17158
Source: is-1L277.tmp.8.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: is-1L277.tmp.8.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: is-03V3U.tmp.8.drString found in binary or memory: https://github.com/statianzo/Fleck
Source: is-3QJCD.tmp.8.drString found in binary or memory: https://help.ably.io/error/
Source: is-3QJCD.tmp.8.drString found in binary or memory: https://help.ably.io/error/40171
Source: is-3QJCD.tmp.8.drString found in binary or memory: https://internet-up.ably-realtime.com/is-the-internet-up.txt
Source: is-3QJCD.tmp.8.drString found in binary or memory: https://internet-up.ably-realtime.com/is-the-internet-up.txteCannot
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://iris-int-api.voicemod.dev/api/v1/auth
Source: is-M60AN.tmp.8.drString found in binary or memory: https://nlog-project.org/
Source: is-4AFKH.tmp.8.drString found in binary or memory: https://passwords.google.com
Source: is-TFQOM.tmp.8.dr, is-JCPQ4.tmp.8.drString found in binary or memory: https://passwords.google.comGoogle
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpString found in binary or memory: https://s2s.mparticle.com/v2/events
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://s2s.mparticle.com/v21Segment.LoggerHandlers:
Source: is-BI396.tmp.8.drString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=bg
Source: is-4AFKH.tmp.8.drString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=el
Source: is-TFQOM.tmp.8.drString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=hi
Source: is-JCPQ4.tmp.8.drString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=tr
Source: is-TFQOM.tmp.8.dr, is-JCPQ4.tmp.8.dr, is-4AFKH.tmp.8.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: is-TFQOM.tmp.8.dr, is-JCPQ4.tmp.8.dr, is-4AFKH.tmp.8.drString found in binary or memory: https://support.google.com/cloudprint/answer/2541843
Source: svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.313013366.000002961CA13000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000C.00000003.290726622.000002961CA32000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 0000000C.00000002.313061524.000002961CA3B000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/intent/tweet?text=
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/intent/tweet?text=5Input
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpString found in binary or memory: https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=
Source: curl.exe, 0000000F.00000002.298629897.000001BE33EC0000.00000004.00000020.sdmpString found in binary or memory: https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=d06ed635-68f6-4e9a-955c
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpString found in binary or memory: https://wsw.voicemod.net/api.windows/v2/windowsb2c/gotosurvey/uninstall/
Source: wget.exe, 00000002.00000002.253046104.0000000002BC0000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.exe, 00000005.00000003.282735374.0000000002740000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp, is-03V3U.tmp.8.drString found in binary or memory: https://www.digicert.com/CPS0
Source: is-TFQOM.tmp.8.dr, is-JCPQ4.tmp.8.dr, is-4AFKH.tmp.8.drString found in binary or memory: https://www.google.com/cloudprint#jobs
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/search?q=sound
Source: wget.exe, 00000002.00000003.252341350.0000000002BC8000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exe
Source: wget.exe, 00000002.00000002.252682013.0000000001095000.00000004.00000040.sdmpString found in binary or memory: https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exeX7
Source: wget.exe, 00000002.00000002.252548505.00000000001D0000.00000004.00000020.sdmpString found in binary or memory: https://www.voicemod.net/downloadVoicemod.php
Source: wget.exe, 00000002.00000002.252677743.0000000001090000.00000004.00000040.sdmpString found in binary or memory: https://www.voicemod.net/downloadVoicemod.phpT7
Source: wget.exe, 00000002.00000002.252677743.0000000001090000.00000004.00000040.sdmpString found in binary or memory: https://www.voicemod.net/downloadVoicemod.phpX7
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/privacy/
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/privacy/nhttps://www.voicemod.net/voicemod-windows-terms-of-use/
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/redirect.php
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/support/?source=connection_problems
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/voicemod-windows-sample-rate/
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpString found in binary or memory: https://www.voicemod.net/voicemod-windows-terms-of-use/
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp Binary or memory string: GetRawInputData
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp File created: C:\Program Files\Voicemod Desktop\driver\is-T54JD.tmp
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe Code function: 30_2_00007FF7F8849D50: DeviceIoControl,GetLastError,GlobalAlloc,DeviceIoControl,GlobalFree
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe Code function: 5_2_004A0E28 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Code function: 8_2_005EDCC4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: VoicemodSetup_2.8.0.4.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: VoicemodSetup_2.8.0.4.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: VoicemodSetup_2.8.0.4.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VoicemodSetup_2.8.0.4.tmp.5.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: VoicemodSetup_2.8.0.4.tmp.5.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exe Section loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cdpsgshims.dll
Source: C:\Program Files\Voicemod Desktop\is-03V3U.tmp, type: DROPPED Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: C:\Program Files\Voicemod Desktop\is-O72HK.tmp, type: DROPPED Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: C:\Program Files\Voicemod Desktop\is-UKQ25.tmp, type: DROPPED Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: C:\Program Files\Voicemod Desktop\is-RU7LS.tmp, type: DROPPED Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: C:\Program Files\Voicemod Desktop\is-0FCKT.tmp, type: DROPPED Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: 8.3.VoicemodSetup_2.8.0.4.tmp.4fdc9ec.2.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: 8.3.VoicemodSetup_2.8.0.4.tmp.4fd1505.3.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: 8.3.VoicemodSetup_2.8.0.4.tmp.4fc6025.1.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2021-01-22, modified = 2021-01-25
Source: classification engine Classification label: sus39.evad.win@52/211@0/7
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe Code function: 30_2_00007FF7F8844E60 memset,memset,waveInAddBuffer,waveOutPause,waveInGetErrorTextA,strncpy,waveOutGetErrorTextA,memset,waveOutWrite,ResetEvent,GetLastError,ResetEvent,GetLastError,ResetEvent,GetLastError,_beginthreadex,GetLastError,FormatMessageA,strncpy,LocalFree,waveOutGetErrorTextA,SetThreadPriority,GetLastError,waveInStart,waveOutRestart,waveInGetErrorTextA,waveOutGetErrorTextA
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe Code function: 5_2_0041A5FC GetDiskFreeSpaceW
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Code function: 8_2_006027B0 GetVersion,CoCreateInstance
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe Code function: 5_2_004A1700 FindResourceW,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp File created: C:\Program Files\Voicemod Desktop
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4260:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5744:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5380:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1528:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Mutant created: \Sessions\1\BaseNamedObjects\Voicemod Desktop Setup
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_01
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe File created: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /C ''C:\Program Files\Voicemod Desktop\driver\setupDrv.bat''
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp File read: C:\Program Files\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\curl.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS {0}({1} VARCHAR PRIMARY KEY , {2} BLOB, UNIQUE({2}));
Source: VoicemodSetup_2.8.0.4.exeString found in binary or memory: rting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked the co
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php'
Source: unknown | Process created: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe 'C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe'
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Process created: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp 'C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp' /SL5='$50230,66830058,819200,C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe'
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: C:\Windows\System32\curl.exe 'C:\Windows\system32\curl.exe' -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=d06ed635-68f6-4e9a-955c-4899f5f57b9a -o C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\deviceId.txt
Source: C:\Windows\System32\curl.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_unins000.exe.txt
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe 'C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe' defaultdevices.txt
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /C ''C:\Program Files\Voicemod Desktop\driver\setupDrv.bat''
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net stop audiosrv /y
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop audiosrv /y
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net stop AudioEndpointBuilder /y
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown
Source: C:\Windows\System32\net.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Window found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\Resources
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\driver
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\es
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\zh
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\ru
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\de
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\fr
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\ko
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\pt
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\x64
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Directory created: C:\Program Files\Voicemod Desktop\locales
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Directory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\44100
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Directory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Directory created: C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\NAudio
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Directory created: C:\Program Files\Voicemod Desktop\unins000.msg
Source: C:\Windows\System32\cmd.exe Directory created: C:\Program Files\Voicemod Desktop\driver\uninstalldriver.log
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1
Source: Binary string: /_/src/Microsoft.AspNetCore.Hosting.Server.Abstractions/obj/Release/netstandard2.0/Microsoft.AspNetCore.Hosting.Server.Abstractions.pdbSHA256 source: is-2G6RS.tmp.8.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Collections.Immutable\netstandard\System.Collections.Immutable.pdb source: is-1L277.tmp.8.dr
Source: Binary string: C:\projects\jsonsubtypes\JsonSubTypes\obj\Release\net47\JsonSubTypes.pdb source: is-DP93Q.tmp.8.dr
Source: Binary string: C:\projects\ably-dotnet\src\IO.Ably.NETFramework\bin\Release\packaged\IO.Ably.pdb$> source: is-3QJCD.tmp.8.dr
Source: Binary string: R:\GitlabRunner\builds\BGzmzA2o\0\desktop\voicemod-desktop\DriverCleaner\obj\Release\drivercleaner.pdb source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589804292.0000000005107000.00000004.00000001.sdmp, is-UV9S2.tmp.8.dr
Source: Binary string: C:\projects\ably-dotnet\src\IO.Ably.NETFramework\bin\Release\packaged\IO.Ably.pdb source: is-3QJCD.tmp.8.dr
Source: Binary string: d:\Projects\Voicemod\01\windowsvirtualaudiocable\source\simple\x64\Win8.1 Release\vmdrv.pdb source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp
Source: Binary string: /_/src/Microsoft.Net.Http.Headers/obj/Release/netstandard2.0/Microsoft.Net.Http.Headers.pdb source: is-QQLHQ.tmp.8.dr
Source: Binary string: C:\VoicemodProjects\vsteffects\VisualStudio\SaveDefaultDevices\SaveDefaultDevices\x64\Release\SaveDefaultDevices.pdb55 source: SaveDefaultDevices.exe, 0000001E.00000000.440631567.00007FF7F884C000.00000002.00020000.sdmp
Source: Binary string: C:\projects\nlogweb\src\NLog.Web.AspNetCore\obj\Any CPU\release\net461\NLog.Web.AspNetCore.pdbSHA256 source: is-M60AN.tmp.8.dr
Source: Binary string: /_/artifacts/obj/System.Threading.Channels/netstandard-Release/System.Threading.Channels.pdbSHA256f source: is-DITGO.tmp.8.dr
Source: Binary string: /_/src/Microsoft.AspNetCore.Http.Abstractions/obj/Release/netstandard2.0/Microsoft.AspNetCore.Http.Abstractions.pdb source: is-784PS.tmp.8.dr
Source: Binary string: /_/artifacts/obj/System.Threading.Channels/netstandard-Release/System.Threading.Channels.pdb source: is-DITGO.tmp.8.dr
Source: Binary string: d:\Projects\Voicemod\01\windowsvirtualaudiocable\source\simple\x64\Win8 Release\vmdrv.pdb source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp
Source: Binary string: C:\projects\nlogweb\src\NLog.Web.AspNetCore\obj\Any CPU\release\net461\NLog.Web.AspNetCore.pdb source: is-M60AN.tmp.8.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Collections.Immutable\netstandard\System.Collections.Immutable.pdbSHA256* source: is-1L277.tmp.8.dr
Source: Binary string: d:\Projects\Voicemod\01\windowsvirtualaudiocable\source\simple\x64\Win7 Release\vmdrv.pdb source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp
Source: Binary string: /_/src/Microsoft.AspNetCore.Hosting.Server.Abstractions/obj/Release/netstandard2.0/Microsoft.AspNetCore.Hosting.Server.Abstractions.pdb source: is-2G6RS.tmp.8.dr
Source: Binary string: /_/src/Microsoft.Net.Http.Headers/obj/Release/netstandard2.0/Microsoft.Net.Http.Headers.pdbSHA256[ source: is-QQLHQ.tmp.8.dr
Source: Binary string: /_/src/Microsoft.AspNetCore.Http.Abstractions/obj/Release/netstandard2.0/Microsoft.AspNetCore.Http.Abstractions.pdbSHA256 source: is-784PS.tmp.8.dr
Source: Binary string: C:\projects\jsonsubtypes\JsonSubTypes\obj\Release\net47\JsonSubTypes.pdb5HOH AH_CorDllMainmscoree.dll source: is-DP93Q.tmp.8.dr
Source: Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589555081.0000000004F70000.00000004.00000001.sdmp, idp.dll.8.dr
Source: Binary string: C:\VoicemodProjects\vsteffects\VisualStudio\SaveDefaultDevices\SaveDefaultDevices\x64\Release\SaveDefaultDevices.pdb source: SaveDefaultDevices.exe, 0000001E.00000000.440631567.00007FF7F884C000.00000002.00020000.sdmp
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe Code function: 30_2_00007FF7F88345E0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GlobalAlloc,memset,CoInitialize,FormatMessageA,strncpy,LocalFree,GetCurrentThreadId,GetModuleHandleA,GetProcAddress,GetCurrentProcess
Source: botva2.dll.8.dr Static PE information: real checksum: 0x0 should be: 0x178be
Source: VoicemodSetup_2.8.0.4.exe.2.dr Static PE information: real checksum: 0x4082bf9 should be:
Source: VoicemodSetup_2.8.0.4.exe.2.dr Static PE information: section name: .didata
Source: VoicemodSetup_2.8.0.4.tmp.5.dr Static PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp File created: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\botva2.dll
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp File created: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\idp.dll
Source: C:\Windows\SysWOW64\wget.exe; File created: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe; File created: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; File created: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; File created: C:\Users\user\AppData\Local\Temp\Setup Log 2021-03-23 #001.txt
Source: C:\Windows\System32\cmd.exe; File created: C:\Program Files\Voicemod Desktop\driver\uninstalldriver.log
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod\Voicemod.lnk
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\net.exe net stop audiosrv /y
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Voicemod
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Code function: 8_2_006310CC IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow,8_2_006310CC
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Code function: 8_2_005A5C70 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow,8_2_005A5C70
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe; Code function: 30_2_00007FF7F883BF20 SetupDiGetClassDevsA,SetupDiEnumDeviceInterfaces,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiEnumDeviceInterfaces,GlobalAlloc,SetupDiDestroyDeviceInfoList,SetupDiEnumDeviceInterfaces,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceDetailW,memset,GetVersionExA,_wcsnicmp,SetupDiGetDeviceRegistryPropertyW,_wcsnicmp,SetupDiOpenDeviceInterfaceRegKey,RegQueryValueExW,RegCloseKey,iswctype,iswctype,iswctype,memmove,SetupDiEnumDeviceInterfaces,SetupDiDestroyDeviceInfoList,30_2_00007FF7F883BF20
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\botva2.dll
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp; Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_8-25868
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe; API coverage: 5.8 %
Source: C:\Windows\System32\svchost.exe TID: 5344; Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\conhost.exe TID: 1392; Thread sleep count: 36 > 30
Source: C:\Windows\System32\svchost.exe; File opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\net1.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_0040B268 FindFirstFileW,FindClose,5_2_0040B268
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_0040AC9C GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,5_2_0040AC9C
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_0040CBFC FindFirstFileW,FindClose,8_2_0040CBFC
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_005EAC28 FindFirstFileW,GetLastError,8_2_005EAC28
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_006432DC FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,8_2_006432DC
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_0040C630 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,8_2_0040C630
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_004A162C GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,5_2_004A162C
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000002.693464822.00000000023E0000.00000002.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000002.656623433.00000000025C0000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.1360004889.000002138C340000.00000002.00000001.sdmp, tasklist.exe, 00000013.00000002.307290787.00000217A2270000.00000002.00000001.sdmp, tasklist.exe, 00000016.00000002.313486848.0000021B141A0000.00000002.00000001.sdmp, svchost.exe, 00000025.00000002.466279881.0000018960A60000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | Binary or memory string: _7jZsQFsYlqTynoyHgfScG7LDtxt
Source: svchost.exe, 00000006.00000002.602569936.000001E936062000.00000004.00000001.sdmp | Binary or memory string: @Hyper-V RAW
Source: svchost.exe, 00000006.00000002.602557795.000001E93604C000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000007.00000002.1356995212.000001A538202000.00000004.00000001.sdmp | Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000002.693464822.00000000023E0000.00000002.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000002.656623433.00000000025C0000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.1360004889.000002138C340000.00000002.00000001.sdmp, tasklist.exe, 00000013.00000002.307290787.00000217A2270000.00000002.00000001.sdmp, tasklist.exe, 00000016.00000002.313486848.0000021B141A0000.00000002.00000001.sdmp, svchost.exe, 00000025.00000002.466279881.0000018960A60000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000002.693464822.00000000023E0000.00000002.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000002.656623433.00000000025C0000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.1360004889.000002138C340000.00000002.00000001.sdmp, tasklist.exe, 00000013.00000002.307290787.00000217A2270000.00000002.00000001.sdmp, tasklist.exe, 00000016.00000002.313486848.0000021B141A0000.00000002.00000001.sdmp, svchost.exe, 00000025.00000002.466279881.0000018960A60000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650940839.00000000009FE000.00000004.00000001.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}xeq
Source: svchost.exe, 00000006.00000002.601898228.000001E930829000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW`C
Source: svchost.exe, 00000007.00000002.1357109321.000001A538228000.00000004.00000001.sdmp, svchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.933306472.000002209842A000.00000004.00000001.sdmp, curl.exe, 0000000F.00000003.298457740.000001BE33ECF000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: VoicemodSetup_2.8.0.4.exe, 00000005.00000002.693464822.00000000023E0000.00000002.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000002.656623433.00000000025C0000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.1360004889.000002138C340000.00000002.00000001.sdmp, tasklist.exe, 00000013.00000002.307290787.00000217A2270000.00000002.00000001.sdmp, tasklist.exe, 00000016.00000002.313486848.0000021B141A0000.00000002.00000001.sdmp, svchost.exe, 00000025.00000002.466279881.0000018960A60000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Process information queried: ProcessInformation
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F884ADF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_00007FF7F884ADF8
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F88345E0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GlobalAlloc,memset,CoInitialize,FormatMessageA,strncpy,LocalFree,GetCurrentThreadId,GetModuleHandleA,GetProcAddress,GetCurrentProcess,30_2_00007FF7F88345E0
Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F884A594 SetUnhandledExceptionFilter,_set_new_mode,30_2_00007FF7F884A594
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F884ADF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_00007FF7F884ADF8
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F884AF98 SetUnhandledExceptionFilter,30_2_00007FF7F884AF98
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F884A740 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_00007FF7F884A740
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_00630904 ShellExecuteExW,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,8_2_00630904
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net stop audiosrv /y
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net stop AudioEndpointBuilder /y
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop audiosrv /y
Source: C:\Windows\System32\net.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_005A56F8 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,8_2_005A56F8
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_005A489C AllocateAndInitializeSid,GetVersion,GetModuleHandleW,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,8_2_005A489C
Source: svchost.exe, 00000009.00000002.1358931427.00000177B9790000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: svchost.exe, 00000009.00000002.1358931427.00000177B9790000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: svchost.exe, 00000009.00000002.1358931427.00000177B9790000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: svchost.exe, 00000009.00000002.1358931427.00000177B9790000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_00405AC0 cpuid 5_2_00405AC0
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: GetUserDefaultUILanguage,GetLocaleInfoW,5_2_0040B3B8
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: GetLocaleInfoW,5_2_0041E154
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: GetLocaleInfoW,5_2_0041E1A0
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0040A840
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: GetLocaleInfoW,5_2_004A0F30
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: GetUserDefaultUILanguage,GetLocaleInfoW,8_2_0040CD4C
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_0040C1D4
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: GetLocaleInfoW,8_2_005EE9D4
Source: C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe | Code function: 30_2_00007FF7F883BF20 SetupDiGetClassDevsA,SetupDiEnumDeviceInterfaces,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiEnumDeviceInterfaces,GlobalAlloc,SetupDiDestroyDeviceInfoList,SetupDiEnumDeviceInterfaces,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceAlias,SetupDiGetDeviceInterfaceDetailW,memset,GetVersionExA,_wcsnicmp,SetupDiGetDeviceRegistryPropertyW,_wcsnicmp,SetupDiOpenDeviceInterfaceRegKey,RegQueryValueExW,RegCloseKey,iswctype,iswctype,iswctype,memmove,SetupDiEnumDeviceInterfaces,SetupDiDestroyDeviceInfoList,30_2_00007FF7F883BF20
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Queries volume information: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-top.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Queries volume information: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-inner.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Queries volume information: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-bottom.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Queries volume information: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\buttons.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp | Code function: 8_2_0060DBC8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeW,GetLastError,CreateFileW,SetNamedPipeHandleState,CreateProcessW,CloseHandle,CloseHandle,8_2_0060DBC8
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_0041C4F8 GetLocalTime,5_2_0041C4F8
Source: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe | Code function: 5_2_004A7114 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,5_2_004A7114
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: svchost.exe, 0000000E.00000002.1357777455.0000017E28A3D000.00000004.00000001.sdmp | Binary or memory string: (@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000E.00000002.1357949331.0000017E28B02000.00000004.00000001.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000E.00000002.1357646919.0000017E28A13000.00000004.00000001.sdmp | Binary or memory string: \MsMpeng.exe
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation 11 | DLL Side-Loading 1 | Exploitation for Privilege Escalation 1 | Disable or Modify Tools 1 | Input Capture 11 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
Default Accounts | Scripting 1 | Windows Service 11 | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 2 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Native API 2 | Registry Run Keys / Startup Folder 11 | Access Token Manipulation 1 | Scripting 1 | Security Account Manager | System Information Discovery 57 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | Command and Scripting Interpreter 2 | Logon Script (Mac) | Windows Service 11 | Obfuscated Files or Information 2 | NTDS | Query Registry 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Service Execution 1 | Network Logon Script | Process Injection 13 | DLL Side-Loading 1 | LSA Secrets | Security Software Discovery 51 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Registry Run Keys / Startup Folder 11 | Masquerading 13 | Cached Domain Credentials | Virtualization/Sandbox Evasion 3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 3 | DCSync | Process Discovery 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 13 | /etc/passwd and /etc/shadow | System Owner/User Discovery 2 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols |  |  | Data Encrypted for Impact

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph image not reproduced. Behavior Graph ID: 373949; URL: https://www.voicemod.net/do...; Startdate: 23/03/2021; Architecture: WINDOWS; Score: 39]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
https://www.voicemod.net/downloadVoicemod.php | 0% | Virustotal |
https://www.voicemod.net/downloadVoicemod.php | 0% | Avira URL Cloud | safe

Dropped Files

Source | Detection | Scanner | Label
C:\Program Files\Voicemod Desktop\driver\is-37BUS.tmp | 0% | Metadefender |
C:\Program Files\Voicemod Desktop\driver\is-37BUS.tmp | 3% | ReversingLabs |
C:\Program Files\Voicemod Desktop\driver\is-I9CMN.tmp | 0% | Metadefender |
C:\Program Files\Voicemod Desktop\driver\is-I9CMN.tmp | 0% | ReversingLabs |
C:\Program Files\Voicemod Desktop\driver\is-MCLEV.tmp | 0% | ReversingLabs |
C:\Program Files\Voicemod Desktop\driver\is-TFO18.tmp | 0% | Metadefender |
C:\Program Files\Voicemod Desktop\driver\is-TFO18.tmp | 0% | ReversingLabs |
C:\Program Files\Voicemod Desktop\is-03V3U.tmp | 2% | ReversingLabs |
C:\Program Files\Voicemod Desktop\is-0BHLO.tmp | 0% | ReversingLabs |
C:\Program Files\Voicemod Desktop\is-0FCKT.tmp | 2% | ReversingLabs |
C:\Program Files\Voicemod Desktop\is-0HCVR.tmp | 0% | Metadefender |
C:\Program Files\Voicemod Desktop\is-0HCVR.tmp | 0% | ReversingLabs |

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://internet-up.ably-realtime.com/is-the-internet-up.txteCannot | 0% | Avira URL Cloud | safe
https://discord.gg/voicemodevm.$store.dispatch( | 0% | Avira URL Cloud | safe
https://iris-int-api.voicemod.dev/api/v1/auth | 0% | Avira URL Cloud | safe
http://r3.i.lencr.org/0 | 0% | URL Reputation | safe
http://r3.o.lencr.org0 | 0% | URL Reputation | safe
http://www.graphical-installer.com/ | 0% | Avira URL Cloud | safe
http://r3.o.lencr.on | 0% | Avira URL Cloud | safe
http://cps.root-x1.letsencrypt.org0 | 0% | URL Reputation | safe
http://www.innosetup.com/ | 0% | URL Reputation | safe
https://internet-up.ably-realtime.com/is-the-internet-up.txt | 0% | Avira URL Cloud | safe
http://cps.letsencrypt.org0 | 0% | URL Reputation | safe
https://%s.xboxlive.com | 0% | URL Reputation | safe
http://james.newtonking.com/projects/json | 0% | URL Reputation | safe
http://www.dk-soft.org/ | 0% | URL Reputation | safe
http://www.voicemod.net.http://www.voicemod.net.http://www.voicemod.net | 0% | Avira URL Cloud | safe
https://dynamic.t | 0% | URL Reputation | safe
http://crl4.digicert.coU | 0% | Avira URL Cloud | safe
http://www.remobjects.com/ps | 0% | URL Reputation | safe
http://mitrichsoftware.wordpress.comB | 0% | Avira URL Cloud | safe
http://schemas.xmlsoap | 0% | Avira URL Cloud | safe
http://ocsp.digicert.c&Q | 0% | Avira URL Cloud | safe
https://%s.dnet.xboxlive.com | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/statianzo/Fleck | is-03V3U.tmp.8.dr | false |  | high
https://github.com/aspnet/HttpAbstractions/tree/91db78cf926939821bc96e8e60616cf5dde0b489 | is-QQLHQ.tmp.8.dr | false |  | high
https://dev.ditu.live.com/REST/v1/Routes/ | svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmp | false |  | high
https://dev.virtualearth.net/REST/v1/Routes/Driving | svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmp | false |  | high
https://twitter.com/intent/tweet?text= | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | false |  | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmp | false |  | high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | VoicemodSetup_2.8.0.4.exe, 00000005.00000000.281664877.0000000000401000.00000020.00020000.sdmp | false |  | high
https://t0.tiles.ditu.live.com/tiles/gen | svchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmp | false |  | high
https://help.ably.io/error/ | is-3QJCD.tmp.8.dr | false |  | high
https://internet-up.ably-realtime.com/is-the-internet-up.txteCannot | is-3QJCD.tmp.8.dr | false | Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/REST/v1/Routes/Walking | svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmp | false |  | high
https://discord.gg/voicemodevm.$store.dispatch( | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://nlog-project.org/ | is-M60AN.tmp.8.dr | false |  | high
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmp | false |  | high
https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf | is-1L277.tmp.8.dr | false |  | high
https://download.voicemod.net/static/icons-rebrand/ | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | false |  | high
https://iris-int-api.voicemod.dev/api/v1/auth | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://wsw.voicemod.net/api.windows/v2/windowsb2c/gotosurvey/uninstall/ | VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmp | false |  | high
https://dev.ditu.live.com/mapcontrol/logging.ashx | svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmp | false |  | high
http://r3.i.lencr.org/0 | curl.exe, 0000000F.00000003.298432583.000001BE33F1A000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmp | false |  | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | svchost.exe, 0000000C.00000003.290726622.000002961CA32000.00000004.00000001.sdmp | false |  | high
https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmp | false |  | high
https://www.voicemod.net/downloadVoicemod.php | wget.exe, 00000002.00000002.252548505.00000000001D0000.00000004.00000020.sdmp | false |  | high
http://www.voicemod.net | VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687282777.0000000000BE3000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650490655.0000000002594000.00000004.00000001.sdmp | false |  | high
https://www.voicemod.net/voicemod-windows-sample-rate/ | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmp | false |  | high
http://r3.o.lencr.org0 | curl.exe, 0000000F.00000003.298348965.000001BE33F2C000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.graphical-installer.com/ | VoicemodSetup_2.8.0.4.exe, 00000005.00000003.282735374.0000000002740000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000000.285919151.0000000000401000.00000020.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://appexmapsappupdate.blob.core.windows.net | svchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmp | false |  | high
http://bitbucket.org/mitrich_k/inno-download-plugin | VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589555081.0000000004F70000.00000004.00000001.sdmp, idp.dll.8.dr | false |  | high
http://r3.o.lencr.on | curl.exe, 0000000F.00000003.298432583.000001BE33F1A000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                                                  http://www.bingmapsportal.comsvchost.exe, 0000000C.00000002.313013366.000002961CA13000.00000004.00000001.sdmpfalse
                                                    high
                                                    https://github.com/dotnet/corefx/tree/02b11eeee1fbc5f3ef43a1452fe07efd25fa17158is-6TH30.tmp.8.drfalse
                                                      high
                                                      https://help.ably.io/error/40171is-3QJCD.tmp.8.drfalse
                                                        high
                                                        https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpfalse
                                                          high
                                                          http://cps.root-x1.letsencrypt.org0curl.exe, 0000000F.00000003.298432583.000001BE33F1A000.00000004.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://bit.ly/2J5jwtiVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                            high
                                                            https://aka.ms/vs/16/release/VC_redist.x64.exeVoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpfalse
                                                              high
                                                              https://www.voicemod.net/support/?source=connection_problemsVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                high
                                                                http://www.innosetup.com/VoicemodSetup_2.8.0.4.exe, 00000005.00000003.282735374.0000000002740000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000000.285919151.0000000000401000.00000020.00020000.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpfalse
                                                                  high
                                                                  http://bit.ly/2PO8Qj0VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                    high
                                                                    https://internet-up.ably-realtime.com/is-the-internet-up.txtis-3QJCD.tmp.8.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpfalse
                                                                      high
                                                                      https://s2s.mparticle.com/v2/eventsVoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpfalse
                                                                          high
                                                                          http://cps.letsencrypt.org0curl.exe, 0000000F.00000003.298432583.000001BE33F1A000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://www.voicemod.net/downloadVoicemod.phpT7wget.exe, 00000002.00000002.252677743.0000000001090000.00000004.00000040.sdmpfalse
                                                                            high
                                                                            https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              https://www.voicemod.net/downloadVoicemod.phpX7wget.exe, 00000002.00000002.252677743.0000000001090000.00000004.00000040.sdmpfalse
                                                                                high
                                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineVoicemodSetup_2.8.0.4.exefalse
                                                                                    high
                                                                                    https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 0000000C.00000003.312585853.000002961CA40000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      https://s2s.mparticle.com/v21Segment.LoggerHandlers:VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8is-1L277.tmp.8.drfalse
                                                                                          high
                                                                                          https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 0000000C.00000002.313074368.000002961CA3D000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.313013366.000002961CA13000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://%s.xboxlive.comsvchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            low
                                                                                            https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmpfalse
                                                                                              high
                                                                                              https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 0000000C.00000003.290726622.000002961CA32000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  http://james.newtonking.com/projects/jsonis-3QJCD.tmp.8.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://www.newtonsoft.com/jsonschemais-3QJCD.tmp.8.drfalse
                                                                                                    high
                                                                                                    https://download.voicemod.net/b2c/netframeworks/NetFramework472.exeVoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      http://www.dk-soft.org/VoicemodSetup_2.8.0.4.exe, 00000005.00000003.687141506.0000000000B25000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.286963749.00000000034E0000.00000004.00000001.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.voicemod.net.http://www.voicemod.net.http://www.voicemod.netVoicemodSetup_2.8.0.4.exe, 00000005.00000003.282427644.0000000002600000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.286963749.00000000034E0000.00000004.00000001.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://github.com/aspnet/Hosting/tree/0724e6cde1149ee1a19bfec9c13a2c9327b71213is-2G6RS.tmp.8.drfalse
                                                                                                          high
                                                                                                          https://aka.ms/vs/16/release/VC_redist.x86.exeVoicemodSetup_2.8.0.4.exe, 00000005.00000003.687171442.0000000000B63000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.650194519.0000000003619000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exeX7wget.exe, 00000002.00000002.252682013.0000000001095000.00000004.00000040.sdmpfalse
                                                                                                              high
                                                                                                              http://bit.ly/2PO8Qj0SFREEVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://dynamic.tsvchost.exe, 0000000C.00000003.312503364.000002961CA49000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=d06ed635-68f6-4e9a-955ccurl.exe, 0000000F.00000002.298629897.000001BE33EC0000.00000004.00000020.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl4.digicert.coUwget.exe, 00000002.00000003.252286440.0000000002B84000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 0000000C.00000002.313061524.000002961CA3B000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 0000000C.00000002.313137827.000002961CA5C000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.remobjects.com/psVoicemodSetup_2.8.0.4.exe, 00000005.00000003.282735374.0000000002740000.00000004.00000001.sdmp, VoicemodSetup_2.8.0.4.tmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://www.voicemod.net/privacy/VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://bit.ly/2PO8Qj0RFREEVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exewget.exe, 00000002.00000003.252341350.0000000002BC8000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.voicemod.net/voicemod-windows-terms-of-use/VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://activity.windows.comsvchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 0000000C.00000003.312531286.000002961CA60000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://mitrichsoftware.wordpress.comBVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589555081.0000000004F70000.00000004.00000001.sdmp, idp.dll.8.drfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://www.voicemod.net/privacy/nhttps://www.voicemod.net/voicemod-windows-terms-of-use/VoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.voicemod.net/redirect.phpVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoapsvchost.exe, 00000006.00000003.600973843.000001E9308AE000.00000004.00000001.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://twitter.com/intent/tweet?text=5InputVoicemodSetup_2.8.0.4.tmp, 00000008.00000003.589585367.0000000004FBC000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://ocsp.digicert.c&Qwget.exe, 00000002.00000003.252341350.0000000002BC8000.00000004.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          low
                                                                                                                                          https://%s.dnet.xboxlive.comsvchost.exe, 0000000A.00000002.1357537294.000002138B63E000.00000004.00000001.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          low
                                                                                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 0000000C.00000003.312560290.000002961CA5A000.00000004.00000001.sdmpfalse
                                                                                                                                            high

                                                                                                                                            Contacted IPs


                                                                                                                                            Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false |
| 18.132.143.45 | unknown | United States | 16509 | AMAZON-02US | false |
| 2.8.0.4 | unknown | France | 3215 | FranceTelecom-OrangeFR | false |
| 95.100.54.203 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 104.22.65.102 | unknown | United States | 13335 | CLOUDFLARENETUS | false |

                                                                                                                                            Private

                                                                                                                                            IP
                                                                                                                                            192.168.2.1
                                                                                                                                            127.0.0.1

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 373949
Start date: 23.03.2021
Start time: 13:51:52
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 17m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://www.voicemod.net/downloadVoicemod.php
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • HDC enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Detection:SUS
                                                                                                                                            Classification:sus39.evad.win@52/211@0/7
                                                                                                                                            EGA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            HDC Information:
                                                                                                                                            • Successful, ratio: 30.7% (good quality ratio 26.4%)
                                                                                                                                            • Quality average: 66.6%
                                                                                                                                            • Quality standard deviation: 34.4%
                                                                                                                                            HCA Information:Failed
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Adjust boot time
                                                                                                                                            • Enable AMSI
                                                                                                                                            Warnings:
                                                                                                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe
                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            Time      Type             Description
                                                                                                                                            13:53:06  API Interceptor  3x Sleep call for process: svchost.exe modified
                                                                                                                                            13:54:25  API Interceptor  1x Sleep call for process: MpCmdRun.exe modified
                                                                                                                                            13:54:34  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Voicemod "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"
                                                                                                                                            13:54:43  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Voicemod "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            No context

                                                                                                                                            Domains

                                                                                                                                            No context

                                                                                                                                            ASN

                                                                                                                                            No context

                                                                                                                                            JA3 Fingerprints

                                                                                                                                            No context

                                                                                                                                            Dropped Files

                                                                                                                                            No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\44100\is-GKA2Q.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):132
                                                                                                                                            Entropy (8bit):6.015799895791654
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Ey01tlNmbEREH/WakBhHl12kDHaI2saVNj4Z5NuwEM4y:bwRE2hHvdDHqsaVR4Z5NuvM4y
                                                                                                                                            MD5:D0B135A7AFBC8738115955D1D3989600
                                                                                                                                            SHA1:254742BA1E4DB09A48B97E7BB02074B1B49C50DB
                                                                                                                                            SHA-256:6CF61BE36F04A4770C406EF405AF3AF1421A591598AF66B90D5465A72C4DB6E3
                                                                                                                                            SHA-512:2A66023DB878B643FF362860830AA23F9DBB8E1720F8E737636284D1874B2500480A727F21B525880AE69E123408137E7E54163E44A532643DB00E698B31444F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\48000\is-9PF58.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):140
                                                                                                                                            Entropy (8bit):6.040104015043219
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:eb1mlSkH1lBEREFtIbKRCxlD+382DxVzIq+hP+a/j1HCyTcWUAjECUE1Wn:eQlSkH1lyREWFJI82DTzI+a/lvZeZn
                                                                                                                                            MD5:0A5FEA5B0BB86177D677B25574EF0818
                                                                                                                                            SHA1:2CFA1E1D703AE5CE65F85A7FAFDCFCF7549F1AFF
                                                                                                                                            SHA-256:58CD4155FE2D9D24B35A78D820E8840AE0F7AA6BEA7F6DAF8F7A88758D9DC553
                                                                                                                                            SHA-512:61291B0FDB6DFA53C5D95115A8BD1CA0F0AE7B3DB1CD875F06307B0C5ECA80827327F1F2128B03DA4ECF9D99FF0CCC6BC95AF5002B1344A82B853656C4AAE63B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\NAudio\is-B27ML.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9876
                                                                                                                                            Entropy (8bit):7.904705564344183
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:dlFiuUIdYDQqQ9p9hbWnWolsh0Vn3Iwq+m0CoGnxsBKN3ZYTepje8:EShL9pynT3IEm0Co6xswNZY6pn
                                                                                                                                            MD5:7CB6D0965066C8A5A8D22C13687191A9
                                                                                                                                            SHA1:358A069E177E08FDAB3AFD58DAF78AA354E9237C
                                                                                                                                            SHA-256:AD0393DE011F68587E6CFD1B57C8999473E36D6A4D6919CD2CA04E636B677826
                                                                                                                                            SHA-512:32AA2F21DDB91DCDED3E81A6881B40DD1671A7495F04C5925C66ECC6450BEC75BCFB175CD13998EB469AE0C24963A53948D41F4696894C21E71C61274A3057F0
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\Resources\DefaultSounds\is-V23J6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):363654
                                                                                                                                            Entropy (8bit):5.670138777127283
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:NJDVlfGKVTGCmwLf7LcySCsc7VKihkV2vGtjZoqy8MS/WLIWO+c:3fVaCmwPQc7VW2vcnM7
                                                                                                                                            MD5:12E55AAC37F87EDEF2170B2A31705192
                                                                                                                                            SHA1:1B4046D7EAB6E099A5A4A66FF21C9037F7C8C41A
                                                                                                                                            SHA-256:ABA6A119EB33020018085234D6BAE8A10D4109E8C1AE8475DEBE496112443DAE
                                                                                                                                            SHA-512:649842727FC69DCE74E1FE2E606C1D7B21B4DC9F3616452B40D67E9A85E2C4A0B0D25BBE68C7EE3BF19B3EB38E7B266CF0AA43391DD51D019E2AC72ED846AEE9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-37BUS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):153032
                                                                                                                                            Entropy (8bit):6.30001405172427
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:BJjPqDhLB86VjnZLc2zRXGNG09i+zWism0Tsxvg+2YcTMgn3ap:XjP6S6pnZYCSG8Ymwsxvy/6
                                                                                                                                            MD5:CE0E059D4365C22F6F8CC1CE04FF5418
                                                                                                                                            SHA1:09EFF27E69A3E4D3CC8BEF9E93FE6AE7E20447C8
                                                                                                                                            SHA-256:663E5B184648639CBCF353DDAEEC6688ABE323DBCCF8DE8FC8D2683F5E1A99CB
                                                                                                                                            SHA-512:C8C9FF1FCB172BDBF90D598B2CF0C5F0DAB31132B8633540A162EC0C299861D64F36BB805DA7DCA5B4A4AC96C74FC420303235CBC780F09A2C2AAD5B7DE724FF
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-8K6JF.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1419
                                                                                                                                            Entropy (8bit):5.065709004820863
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:a4jRBtoII2RcvglireXZYTBZbQxRvBDDOilS4xjvBDDOOrgrIOEBxboyAKEIX:7toRJWrXZYIxRJxltxjJrw0Ag
                                                                                                                                            MD5:A6261C36B1EB262F18C98E520966C329
                                                                                                                                            SHA1:BE1F1A0BDCC2F26BC41599B257F2B4C95A1A87A1
                                                                                                                                            SHA-256:D0CDBDB5BE2BE15F77861B6E08AA553D9E8580C224EF0F63E55064F415FC16F0
                                                                                                                                            SHA-512:06DA998B9778148E15065B67EA6FFADD6DF7BABF6B1B435368E6C7B6E91D3506D3C3498140CD8B950E207D97C78A899E567B4FBF462D07F7AD473A878EA45FEC
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: @echo off....set LOGFILE=uninstalldriver.log..set /A "index=0"..set /A "count=15"....:loop..REM START BY FINDING THE OEM INF FILE..setlocal EnableDelayedExpansion..SET OEM_FILE=..set oemdata="voicemodcon.exe dp_enum"..FOR /F "eol=. tokens=*" %%a IN ( '%oemdata%' ) DO (.. set line=%%a.. set ourline=!line:Voicemod=!.. if not !line!==!ourline! (.. SET OEM_FILE=!prev_line!.. ).. SET prev_line=%%a..)..echo Installed OEM file found as: !OEM_FILE! >>%LOGFILE%..setlocal DisableDelayedExpansion....IF "%OEM_FILE%" == "" (.. echo Could not locate OEM file installed. No INF to remove. >>%LOGFILE%.. goto :success..)....REM REMOVE THE DEVICE..voicemodcon.exe remove *VMDriver..if NOT %errorlevel% == 0 (.. echo Can not remove Virtual device, error %errorlevel% >>%LOGFILE%.. exit /b %errorlevel%..)..echo Virtual device successfully uninstalled from the system >>%LOGFILE%....voicemodcon.exe dp_delete %OEM_FILE%..if NOT %errorlevel% == 0 (.. echo Can not delete the in
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-I9CMN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):211472
                                                                                                                                            Entropy (8bit):5.852225136153371
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:20oq7iBRYSvSnGKkV3r/kUx9yESWVIyF4DLUxtX1XW2:20pSWTE7/kUxlXxB1B
                                                                                                                                            MD5:AFC1465481D73483AF98D1E78419FF02
                                                                                                                                            SHA1:7FDEA1D99110007A5E560EA7B43BA0DEC735F908
                                                                                                                                            SHA-256:98EA0AA12CF1A2B0B7337BCDB6FEF41CA35F83248E29B6072FB15F3C180232B4
                                                                                                                                            SHA-512:6B4C9142298A91F65338CE68EDD66ACEB1A3E7A5EF4D87969064CF49828CFBF8BFB3E0A226FD13BDDB933D49D7ACA9FD0A9F6CD048505CF5BA2ABD4B871B93EC
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-K00DV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4665
                                                                                                                                            Entropy (8bit):5.543048080369521
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Mq4dTjH+HG52dquPPl4yjr2KQ5MFgWCrI1v:Mq4tKHG5pWPl4yjr2K284I1v
                                                                                                                                            MD5:B9B68DDAD77911E85697AF02B6E311B5
                                                                                                                                            SHA1:999C26F4E20FD29ABB0404C9B5BFAD4FB2664D2D
                                                                                                                                            SHA-256:F853D5B0A5DD5CBE1DA2FFAAE285080019F9E60CF4E4AB7D9810F5BE40F362F1
                                                                                                                                            SHA-512:40E0307E787C8498FFC0922D190973B1634621BBEFC2A89FEAAD1B4D68797F9E55C1CF55E5112A0A8D13EE37FA2ED18A33248C95E4298471E2F7CB3F6359C874
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: [Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%VOICEMOD%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 09/25/2020,2020.09.25.0..CatalogFile=vmdrv.cat....[SourceDisksNames]..222="Voicemod Driver Disk","",222....[SourceDisksFiles]..vmdrv.sys=222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName%=VoicemodDeviceSection,NTAMD64,NTIA64....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[VoicemodDeviceSection]..%VOICEMOD_Driver.DeviceDesc%=VOICEMOD_Driver,*VMDriver....;; This section enables installing
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-MCLEV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):48136
                                                                                                                                            Entropy (8bit):6.436544604348145
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:BzQVK9V2/1j3gGNo+W20t0P/ERwr2kXjNUf2h6p33JWlJB:BsVKK3g+pWztScRwpZUf5t+JB
                                                                                                                                            MD5:0E625B7A7C3F75524E307B160F8DB337
                                                                                                                                            SHA1:5088C71A740EF7C4156DCAA31E543052FE226E1C
                                                                                                                                            SHA-256:D884CA8CC4EF1826CA3AB03EB3C2D8F356BA25F2D20DB0A7D9FC251C565BE7F3
                                                                                                                                            SHA-512:0AD805D11413DCC9D3C549B94A3644FC9C9CAA23F0A661C9AEF41C1E6F8D91DE784817668FF4F34B3F50D738AA8097B2A0EE38DE078ED97F5C17635533E9E165
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-OGQU8.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):230
                                                                                                                                            Entropy (8bit):4.48509312892077
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:hEq/gWufl1rZPW0d4S7w/gWufl1rZPWIxg86188v0jW7D:Cq4JNdx9dnU4JNdxbX5jWf
                                                                                                                                            MD5:E6BDF4EDACA31D8F5F5D8FAB141E1BF4
                                                                                                                                            SHA1:B67C41D0170C246A2B01DD2E6B280C147E98419E
                                                                                                                                            SHA-256:9387039A0BE348BE9D99989C6F60DED8760C76C5316692DC880B486859AE792D
                                                                                                                                            SHA-512:F3B62C78982E7C7AB0D9C04DB18642F43E289CDA8BACF454DF5749B1371D444BB44F57F65931F39A8075C491CB88E3C96B83A3C3A271EB67A9F427C649787C8D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: @echo off....net stop audiosrv /y..net stop AudioEndpointBuilder /y..call uninstalldriver.bat..net start audiosrv..net stop audiosrv /y..net stop AudioEndpointBuilder /y..voicemodcon install vmdrv.inf *VMDriver..net start audiosrv
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-T54JD.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10670
                                                                                                                                            Entropy (8bit):7.231879249638515
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:gODjg1yuCJCApnp5UEwQl/WGhYCUoqVT/gqnajKs8ByAkF:cCr1pzlnh3/q1IlGs8Byb
                                                                                                                                            MD5:46BB11132E5800C97B9D2C1DF6E6FE88
                                                                                                                                            SHA1:83A6CB8F90CE3A805609EAA3472EE480AC30A8B2
                                                                                                                                            SHA-256:6BFCC755FFEDAEFBD2AA94988DBFC2492A185EC1621CCB2DB9194D1F83DF5CCF
                                                                                                                                            SHA-512:FD3DE31CF8025E933C8A4966938AB4B59FB9ADCA41B009C0EF0129BF5297BF4A64E5D4BDE662F2AEC62CCB3C05BC10C309196C73355CBD409AB4B1F6BA86AD08
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\is-TFO18.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14280
                                                                                                                                            Entropy (8bit):6.297803026088888
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:S5hp3Epg6ybShKTB68ghscpx3FGgmZM8Bd1ieSnsuasnZHiNeV:SS/zhKTwThpTtmZJcPnhim
                                                                                                                                            MD5:68011879FEF2DE307BEDF76F2BBAF3C8
                                                                                                                                            SHA1:A471802C6F6CB92A94464E1723596484AF88A333
                                                                                                                                            SHA-256:A977D8674F841281192FB30A5175C9FD35FDA0FDBB4104954706A5046A39ABC2
                                                                                                                                            SHA-512:F3DF4C05F7F850E9B0F0AF60AAD0A555D011318EC2B6D83BD0BABF432AD26A42221B48AF5DCEEA898359CC82F826B701842ABF7292B88A476BC35D37228BF8C6
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\driver\uninstalldriver.log
                                                                                                                                            Process:C:\Windows\System32\cmd.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):99
                                                                                                                                            Entropy (8bit):4.357771178488567
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:q8BF3w1FwvpdE5zM7WqOBLxyy8gdv:q8BF3+Fad6M7WqOBL/dv
                                                                                                                                            MD5:83AE47F13547A419F2082B17E536018A
                                                                                                                                            SHA1:FFE0073EB1744E726952C721A656E55E9FD5F602
                                                                                                                                            SHA-256:A1C974F0C4224D903E5EC718FCBAAE5C21065E7DAB7AB996C1F4CDD03CCD2BBB
                                                                                                                                            SHA-512:F8B32491DAAA1594F81D099F901C85DDDCFA617C4F1C6C54F11F4A62EC56954A0C74B68C81FBD5265D0D44B97A78120F39895A051F1DAF75FDB41F3CCB4362D6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: Installed OEM file found as: ..Could not locate OEM file installed. No INF to remove. ..Success ..
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-03V3U.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):83088
                                                                                                                                            Entropy (8bit):7.251887937703857
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ohk6tKfYMT5co1Qgnb2Az8jt/0GJDRJJlAtRAQRd6ZF:4bcwMeo1pbn8jt/fhjJKtRZr67
                                                                                                                                            MD5:532E1919F0A23BBB8B634B8CADAA664A
                                                                                                                                            SHA1:8E56B5C54784AB4ED038C606EBDDDE4C3A17DA16
                                                                                                                                            SHA-256:03C4B766A844CA448ACEC5BB2284910EBB531C33C47339758F123D11DBE0205B
                                                                                                                                            SHA-512:ED8D316A77F2B96845744ABB92C9961ABCEF6B8AFC01038575696A63F64E9C679555149E99B095194DDBAC4BC5FD9FCB146C5C48DBF3973D7FB0C9301B928AF2
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: SUSP_NET_NAME_ConfuserEx, Description: Detects ConfuserEx packed file, Source: C:\Program Files\Voicemod Desktop\is-03V3U.tmp, Author: Arnim Rupp
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0BHLO.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14848
                                                                                                                                            Entropy (8bit):4.908285436836514
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:dwCWsRDAO9UWsnnsX0TrYcC33Vd8fOi5vsY1t79LiTCXkqnfyuDQjX:dqsO6unskTcbls7n7zXIuDQjX
                                                                                                                                            MD5:D2AAE953BAC26399D1B5429B11482C8D
                                                                                                                                            SHA1:8E2CAC3573BB91529D01C07C5FE14D00409EE46A
                                                                                                                                            SHA-256:B398B42DD01E8C5E1C88CC9B73D81165FE0DE610D225E66D56AEA7F160CEBEB7
                                                                                                                                            SHA-512:6FF38852A54DCDC7A45CA2AF67DBFCCB7D24FF8A953549BED2E8A28DDCE9BDBB37E3278956B4A1C848E753F22DBE83D15C4C8E14E55394583D1CA5D22A769C89
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0FCKT.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20438672
                                                                                                                                            Entropy (8bit):6.485453032015043
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:393216:VMMiLKo9w55K6QaRXFKqUxgr4h4AfzRs:VMMMKo9w5s6QaRXFKqUxgr4h4AfzRs
                                                                                                                                            MD5:F1A7AF1281C3AF19D569800DB6EC27C2
                                                                                                                                            SHA1:DBEE9F639C51F42BCDBA50E5E32017A450AD8149
                                                                                                                                            SHA-256:7FB93ED25B7F8E4AD2D13C0409BD3CD8587144D8518B3DED2DE7FB2025D1E732
                                                                                                                                            SHA-512:B32EA1ABF07518462C834B48CCD5D5A94FADF2B5FF057F98C8E5EA95729ABC820B917A0B175685516A70666435208A34672E44D0A1BD7153F203565CC7AD240B
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: SUSP_NET_NAME_ConfuserEx, Description: Detects ConfuserEx packed file, Source: C:\Program Files\Voicemod Desktop\is-0FCKT.tmp, Author: Arnim Rupp
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0HCVR.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20544
                                                                                                                                            Entropy (8bit):6.39336708356651
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0aEsyjAb8TG/ZvozRjz6r5c3JABzWSPTWC4c4HRN7+eRl3t3MmW:0b/Q4JApaB+eKJ
                                                                                                                                            MD5:D8E064AD8F2419F204723CF7CAA7AB0B
                                                                                                                                            SHA1:F19F20D758DAE8563FC4914C737E06F1292F58E2
                                                                                                                                            SHA-256:32CCDB2AB4348F195D247F920D1432C0CBB1CC5FD548FEC8EE562C438AA48849
                                                                                                                                            SHA-512:B2ED620BC914433435E655F7A1C956735F959C3E8C60A182D96AB0A59A54C81FFA0C52214D88C6E48CA82E198AD7E9FCB603D6DC017EC64399FCF40D3178C341
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0J1QU.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5425152
                                                                                                                                            Entropy (8bit):6.382612746624141
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:2FqVP2tu+u/mjMWSPew+sG5DwsX+Kkd0CFr2ArMqs/vCJNXHDOlBAVMCsikqsvBg:Vetu+u/mBS2YeE9S0ClWIEHVeEMuZB
                                                                                                                                            MD5:650F0CA837D2888F5A95B28F97E66EB4
                                                                                                                                            SHA1:45E431B7710A7127AAE84518043F7367000C3590
                                                                                                                                            SHA-256:BA84A1212FA74523C33D4314481FACEDB0CCF7155F75C579CD4F7239DD15CCE1
                                                                                                                                            SHA-512:E4638C083539622D7F48C22A9F15673C705FAAE700945E6B7A7C970B522D6E93B2B3C9AE16CCAA0F071606788CD2330BE0799C7E60D7BEFCB921D9884F4059D9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0JAKV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):184832
                                                                                                                                            Entropy (8bit):5.782811892983185
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:RBJjiZi/XR43K75s0n2VDbNt0hhPW+a8E+IMGphOYkgcyabl6KP8cM:lNh7r21v+Ir+I1P5cdZ6KP8cM
                                                                                                                                            MD5:2E268316CD22B6C4CBB0C100BF33FAE5
                                                                                                                                            SHA1:4EBA1285B4EDECBE19E364E3A727EFBDB2D50FBB
                                                                                                                                            SHA-256:674264FB49BBDC6A4BF8AE0800A763FA69C88BD69331B3A914D6C8A2CADEA3A7
                                                                                                                                            SHA-512:AD3FE7E7DD7E06965A025C692D0A1D293C2C12FAFA6A04B02237A4DDAEF8BF2CABE61DB6F6DEDFBEBB99538953006E2F7971AFDA6544A6C187D0C6F56E2AC6D3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-0VBUH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14712
                                                                                                                                            Entropy (8bit):6.5741296890372825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:B+ZeWlfJaMf8zWcKZWBIWv14UgLaDyuHnhWgN7aMWd37jjT6iBTqnajCABz:MMyJaMf8zWcKZWNc4HRN7q3TTXZlOABz
                                                                                                                                            MD5:BC2E1A4E2A3F6470DE251DBB7CD15CB6
                                                                                                                                            SHA1:812831C17B12050E27B62910C4590B3CDE53CD54
                                                                                                                                            SHA-256:13362E6DB86D31B2B2804C30BE7C0F6251D348A75D15DAE139962AEFCBD620FF
                                                                                                                                            SHA-512:9772F6ACA0BAF88A18C4F8E614F2AE201E2686772286EC6F3E089180AD2A9A29C752391C092A8843173CFCD4D7A42E1D8406C95C15EBC642FFA877F887DD27A8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-147A0.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15360
                                                                                                                                            Entropy (8bit):5.336492713104374
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:yytOS5SA4GcnpKSnAQ8Rbhi2M5rRBjqui2FyF+7Mc:pweSARcnpfn7ICS2Q
                                                                                                                                            MD5:561EFE0138724711494B17135D5BCEE4
                                                                                                                                            SHA1:C24DA46D49D4D50F2270A622E147F47D84A5A53B
                                                                                                                                            SHA-256:79C94A0B195A16757F9CA0AE268D3B35159B652EEDF94A37417B3618C412CED0
                                                                                                                                            SHA-512:98DCC6036BFD554C6778A3E323DE99FBF15AFD4C43EE067752FBFB1D135524347BA1419AC41383022985D09722313C5CAF5A5E9095E4DA553D742F9A28F3CD15
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-17LO4.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):869752
                                                                                                                                            Entropy (8bit):5.794973232034774
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:PT3yDshQsCuZeVuoyPXW0kByeahuV9pvMtBijuvJAjT893RK:tCajffWhByeahuV9pIBijuvJAjT893RK
                                                                                                                                            MD5:9A3A4D037A1624669A2ACF4EA0385492
                                                                                                                                            SHA1:7F6B09EB08AA9E59F93D216C522E2064D8707BBF
                                                                                                                                            SHA-256:43F9FE1CF13A13AA797B69166A073FCD0F675C43EE7F5104DDD7766C38D99E1D
                                                                                                                                            SHA-512:2177E289911A9C5D9950E3743987BA31197F892C320B050B20C0C418332F2B0D1DEB0957D982988C5110697843BE52C65BFD468C8E3FF6FE6290BCBA67AFC619
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-17PTA.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):148760
                                                                                                                                            Entropy (8bit):6.210842446609808
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-1KGRU.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5225168
                                                                                                                                            Entropy (8bit):6.060760344615486
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-1KV1T.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):31808
                                                                                                                                            Entropy (8bit):6.340842410818935
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-1L277.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):302216
                                                                                                                                            Entropy (8bit):6.537959551271411
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-1QVHO.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):42496
                                                                                                                                            Entropy (8bit):5.7027563742014635
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-1RKVN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):469368
                                                                                                                                            Entropy (8bit):6.017920603714903
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-23522.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1801266
                                                                                                                                            Entropy (8bit):6.93021628023707
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-23IFS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):115856
                                                                                                                                            Entropy (8bit):5.631610124521223
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-2FF34.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):58416
                                                                                                                                            Entropy (8bit):6.342742972878776
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-2G6RS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15224
                                                                                                                                            Entropy (8bit):6.596631414726221
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-2L1AC.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):205312
                                                                                                                                            Entropy (8bit):5.9818938088972375
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-3G1TG.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):576144
                                                                                                                                            Entropy (8bit):6.354860559148118
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-3QJCD.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):927744
                                                                                                                                            Entropy (8bit):5.729808615474438
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-3QOI3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):82296
                                                                                                                                            Entropy (8bit):6.241839322172755
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-444JM.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14336
                                                                                                                                            Entropy (8bit):5.242507866369953
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-4C3VH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):185856
                                                                                                                                            Entropy (8bit):5.923903832607579
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-4FV5C.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):50176
                                                                                                                                            Entropy (8bit):5.955150630100358
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-4KOV0.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):61288
                                                                                                                                            Entropy (8bit):5.7749001047489275
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-51I1F.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17272
                                                                                                                                            Entropy (8bit):6.464438429075434
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:aGI6bfu5j2pRzWOq8W4c4HRN7H3GElbiipK:aB6aEpMeBH2IK
                                                                                                                                            MD5:3004EF05D102AFA76BF3460E5A2E76B9
                                                                                                                                            SHA1:AE8D85EE777A3E0EECACAE58175E852103005398
                                                                                                                                            SHA-256:54831FA6DA2E428FD05BB82336F6882D41F49FE79F0B04D4DB2ED8D2674FE23B
                                                                                                                                            SHA-512:9DEBE1636FB1595B4DFA2BDB78B1D8AEB5D90B72635FE4592E1A4CAFCB53291BF9002830B7024E5CCD7F3E77E52322B9A364CA2AD7863E85F43EAE50AA000610
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-559R3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6905
                                                                                                                                            Entropy (8bit):5.084333512692721
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:ctruUl3wgUDUDV+fonmUhUd4UtxrHwAf6e6Mch0Ja4krhl:srFCbkU6Dxh0E4krhl
                                                                                                                                            MD5:06E40DFADC011F07B0A8BCB910CA62EE
                                                                                                                                            SHA1:A4574E90D61339B3EEA2CFD11ED12E557F7F477F
                                                                                                                                            SHA-256:AE74231A8E6BD0ACFF9FB074427BE26A73AF20885CD23CFA6A636C9DF4333F59
                                                                                                                                            SHA-512:AE27CC72C9AFDC89A5EF8BF2569284D7CA6CFBCB30A5CD4ACE0DA11BC79A35F47C65A5F414F84F95F8696822242D3B9718DD860413C55CFDDC1CAE37D8C5350A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: .<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->.. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />.. </configSections>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.ComponentModel.Annotations" publicKeyToken="b03f5f7f11d50a3a" culture="
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-5JDB3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22584
                                                                                                                                            Entropy (8bit):6.389500965410628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:wy/hEqZrQtck+QF1+gDMX910qzWU/UWCpc4HRN7eSXlVoPfJYz5:w+hJZUH+Vwo10wkBNoHU
                                                                                                                                            MD5:E78DF79160EF9ECB882E92EE9ACA7B3B
                                                                                                                                            SHA1:05EAFE02A6A0F2B5AF245101CECEEFF54736447A
                                                                                                                                            SHA-256:6C89704A56236F7886CFD6677DC2AAA22984D5F5312F31735360DB7C8C3B51CA
                                                                                                                                            SHA-512:8D953A88E81E44AA04827D136598D98F1445C2665E1ADC323A88AD5F6634571CD4827B57BA0F28D7CC9289E40CA8B7AA5A3366CE2F244A8B8AED86B9B4D34E79
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-5M6SE.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60480
                                                                                                                                            Entropy (8bit):6.223999171415957
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:rjcg1jdIBknLML9ERHePs4Wb0XQuY3EO9VzBmkV:rjlIBknLML9sehHXX6ECU0
                                                                                                                                            MD5:9ADB29AA65A7CC5ADA2CF5C5E259407B
                                                                                                                                            SHA1:A049318E3AB543354B87BA88058E362A06BBA90E
                                                                                                                                            SHA-256:772AD7674284C0F62E5C90D0772283B8152AD704E612D5D46088C77D17314D1C
                                                                                                                                            SHA-512:930F1F10A781C792742B9663CCAEF5DD6A77921C63938274422D072EC9843E71C34FBDC780B950F4F625EE8C85A675900F9F0E866D1DACCB5A922C216145A4DD
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-6BADM.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):66424
                                                                                                                                            Entropy (8bit):6.047132037116903
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:PX9wrSVM+ZPyr7gyT8vPuEq3W13uX9/H2IDOpC8WiVkxO7Bx:PnVvesHPuEqiuX9/H2IypCRVw
                                                                                                                                            MD5:0D65948A9719AA94218B0012409C3398
                                                                                                                                            SHA1:92DEEE204350C7C029F59054B115CBED8FFDF1E6
                                                                                                                                            SHA-256:0F96A425E05DECD3484EECC05F1957EF39768DFB1CE2E4CAC9E10AC30361AA8A
                                                                                                                                            SHA-512:8438CEEB545F80709594EB32219961E5D13D830DDF7C391866E7E27431FB0658BE0A24653F47C8311AD451C365984ECF8ED9B88E963283E8A99B9FE5A637486A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-6LRB8.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22904
                                                                                                                                            Entropy (8bit):6.402654664732349
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:j202yNoBgvgXMD5MFQCDpaZWqE2MIyMo+zCzWc6cWKc4HRN7RKTTXZlO/C:j3OBRXMFMFQC1Y3o+zRkBRKt
                                                                                                                                            MD5:F3616191069793A8C40045ED0FCB6309
                                                                                                                                            SHA1:8F4D447F6E5BC442953517DBF5598CD7CCD945A6
                                                                                                                                            SHA-256:FC67990FB44D03C9C61323E362AEFB749024192963D87CC99EACCCF5B468449F
                                                                                                                                            SHA-512:3819305D55BCAFB33FA867F6888C738B1464519E3915F47773C3044116706C7381F226A72AE62241418B6B1AF68FDDB5AF6A85FCBE49D63B1F6C099B592D72B8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-6MAGC.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):622288
                                                                                                                                            Entropy (8bit):6.016351689107462
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:Y66gWNz9YtHPQG2puGeqVmjaVmnS4bKO62xEYIV7lTWKfdHI1mpHahS:V6gm9YyO6vVh3p6I
                                                                                                                                            MD5:BBF6C917A4E2E413B94D9F2643B45E24
                                                                                                                                            SHA1:9D8CF03893AAF9807F993F48554921AFA081859F
                                                                                                                                            SHA-256:E0E126C3B8A7BA9501D03F99D54A5CBBD174BCECB6170098AB4CC1219F27F933
                                                                                                                                            SHA-512:464C20C6C362E4EA728A60E736D70BA5F5800C4CE4DF16DC2389B1D236BBA3433E260CF4CE93C454DB1FEC88C6653DDD98E3451AF100E4BDED4B9DF95CE4E135
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-6TH30.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23600
                                                                                                                                            Entropy (8bit):6.744116920154898
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/qTO1PdhW1YWxvHcWVF0GftpBj/Ic4HRN7sIB6lQg:/q6PSzD+ilIBsr
                                                                                                                                            MD5:D9E308FE5F1AC35CE823964288DA1BA5
                                                                                                                                            SHA1:B23C26AA1739D02BA4216CC5B80A47FD1251AB41
                                                                                                                                            SHA-256:1AD2DD7225D5162A0FD3A3B337A1949448520E3130A4BC8E010EC02F76097500
                                                                                                                                            SHA-512:22768D92838A0061435520FAAE7AB9A8747050776DD1ACA00FF874A51BE2119A89876C41C1B540DC60354B2741540E1CA88E8E447D81E555EE535A5B92F8EA06
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-784PS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):76152
                                                                                                                                            Entropy (8bit):6.125272290560867
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-7J14T.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):355328
                                                                                                                                            Entropy (8bit):5.97632681013557
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-7LCED.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17976
                                                                                                                                            Entropy (8bit):6.395988130419178
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-828CN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):61072
                                                                                                                                            Entropy (8bit):6.1765235751081216
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-8NHGK.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4346120
                                                                                                                                            Entropy (8bit):6.383235359931208
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-8TVRG.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):48192
                                                                                                                                            Entropy (8bit):6.169380663324594
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-8VQF8.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39488
                                                                                                                                            Entropy (8bit):6.250982873974538
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-90CC6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):140288
                                                                                                                                            Entropy (8bit):6.173391144685546
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-93RRB.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53760
                                                                                                                                            Entropy (8bit):5.550171034059513
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-96140.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37880
                                                                                                                                            Entropy (8bit):6.203827438697827
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:i6dZhZNABMOepekF5F23FOermz8iZXptwbtZvsfZ8TYMvg/eLZAXxkjmgVZQZNCc:zZ2B6prFKFO+m1ptwbLZ/Nsk0xZtL5n9
                                                                                                                                            MD5:5F6AB2A948F6A158F0EF1ABB57335CF2
                                                                                                                                            SHA1:6064E5E58B00A0EF6F0A0B82839CFA8491CD10BC
                                                                                                                                            SHA-256:5755F724A06AA30BDB2A22E632E2D6FEC85932A1465137FE68DE50552B9E2FAB
                                                                                                                                            SHA-512:19058BCACB80366ECBE1A27B6CA7671A2D844B396A1D40B10CF0C25953298AF94DF845952E5524FC3462EB1F40C9E86A2FE3EA5BC0C1434E9BD49450CBEE831A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-9I0L2.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):45944
                                                                                                                                            Entropy (8bit):6.277604374888833
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:9Qj3K4+aBKEshPm9+Pwk08nUbkwHJGBDx:9W3K4+k33+PbUowHJGBDx
                                                                                                                                            MD5:877A2436FB99D0CA59C56E38ABF5959F
                                                                                                                                            SHA1:028568BC166509C3CF2BFB5826224BE23255E4CD
                                                                                                                                            SHA-256:E98B0F67476A4040CE6C227E107285C790E538A171269EC6FBAE031B3D7B0E7E
                                                                                                                                            SHA-512:CFB42550FD2AC8EE15632BC867743F7379269A64D16D9F141E1A876084050233A432448410BD14F3FF8C892AA6939DE5AD55AFCD48E65A61B1BD9D20BBF757D7
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-9IF5E.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5958288
                                                                                                                                            Entropy (8bit):7.10214435052139
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:rxuijZPjoltkM2WZHJB2E4DUetE1Sg+q+FAPrdudcpo42JKsDxi3EjDox9ToCQ9w:Ao7S+fKSxq8+0g2HDE3EjErToZOvb
                                                                                                                                            MD5:E51E91EF892C0CC1D761D3B9A3E9BE0B
                                                                                                                                            SHA1:8B4823117FFFD561C7A93B186D5EAC894ED7F4E9
                                                                                                                                            SHA-256:B35E78E2139F2F7C9601B4948E1FDDEE82FA6AC30505CF97BBD0E4B0F5732592
                                                                                                                                            SHA-512:1F722C847264D41924FCEA9A807CA00D5A301AD73294450EF786EAF570D6CA230FABC59BB1BCD3C38BD225428BE173666DD77CB2D8A9CEDC61525EB8818870A5
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-9NK0J.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1140736
                                                                                                                                            Entropy (8bit):6.370824042523569
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:D+zDYxEeN8m+2OGeWu+m+2OGeWum+2OGeWum+2OGeWumc0FAV2w/TGiYdXQ0pQ83:KZm+2OGeWu+m+2OGeWum+2OGeWum+2OA
                                                                                                                                            MD5:8AD78EDF83F099EA593F9615A8B092CF
                                                                                                                                            SHA1:464CCEF792B90DD476107084C8D2D6D9F96A0478
                                                                                                                                            SHA-256:8420A77C869B69FC9D44043FFEB173A7D56A22539D116A506746BD015DB64294
                                                                                                                                            SHA-512:734641F92ED149066375D2EA300AA9446AA5058120B940FD1000B8F0F6E663F8454012A1E32D08CE357724F92DAAA1D8B7CF829EDE005458EF069A8F34FA25C8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-A2KVS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):737157
                                                                                                                                            Entropy (8bit):6.275109785888174
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:l4yBDej/GHcSgEalEJxd0NvmdXWq1a8zwAj6TAVu1KTIv3hx5c1YC7x1+QSryIsB:7BDej/vsNkgf1G2/tb
                                                                                                                                            MD5:CC741473D2D075FDC2BE804EEC407A12
                                                                                                                                            SHA1:22A96140286FDB004540A2051B93432AA133843D
                                                                                                                                            SHA-256:6107C1BFDBF2CF351D5281073422B836D7A547E81345BFF502FD31335D7FCBB3
                                                                                                                                            SHA-512:31977768847821379ACA3A49A30D6DC25A31621D96B618C4A9FC71BF7EB7F9999DB87603190140FBAEC8BEB103CD8FF793D5144CBC68A7EC7815DB64AA530437
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-ANGPN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20544
                                                                                                                                            Entropy (8bit):6.438105462302127
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:9fIkmL7o0McTlMGKozKjzNYy1+JlpzWqvwWCnc4HRN7yhlImVTBzBW:9IkmLE/BsJlZKByNVpBW
                                                                                                                                            MD5:38A2AE77291920D18B43E5979A11C1C4
                                                                                                                                            SHA1:CC6819B82A96AE53769E344D5175179438A75073
                                                                                                                                            SHA-256:B94BF1C9A3EFA5BF276932BAB931CF5E81F99C6E882FDBA380C38436DC2D2643
                                                                                                                                            SHA-512:C76D98B8830C56F78B22CFE30F4D7240836C276581E2D4BC04448A435239A013C7ACDCC152699DBC09C24DBEFF0323DB5845DE3939B8480D0C95E148585D0EFF
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-C3ID6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2531328
                                                                                                                                            Entropy (8bit):5.813372049705993
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:s4/4hyBYKMD+SNfXCwJtezvOd0HSC3souk1b3:1MD+SNfCWtw
                                                                                                                                            MD5:AFB010D6AA754FE0522AFC22CD561053
                                                                                                                                            SHA1:81A5338EB3956488F739B473BF03F65F9B7FF3E6
                                                                                                                                            SHA-256:A64531CBDA6E442CD3F3E351D73D4086BCE009FB979EF90B28F6FA45122F5C8F
                                                                                                                                            SHA-512:AB1D2C41578DC8ADA8634F40E7E737F301ABFF16F794A320A8139D0BC4890D6C66DB4E3F40FD58345E40363BFF4AC2640937C8EF326AA5EE3402A3D2735ACB19
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-CFM6J.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):83304
                                                                                                                                            Entropy (8bit):5.548697712504058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:1sVV084QK/YnqskkON9XNEgfpXaXr0iMJgBGILkDzVZl0+88niFF2G5m5UwoPtJp:1xDInkkON9XNEgfpXaXr0iMJgBGILkDM
                                                                                                                                            MD5:51EECD0861CE90E5622A87CF9AB0E304
                                                                                                                                            SHA1:653C257A78CEFB098517066EAF8E67ECAE0E93FB
                                                                                                                                            SHA-256:B28E14873544392596CF8E34B9BBBA6F682E9C18D96379D40856CB4F1BB50A6A
                                                                                                                                            SHA-512:5E27873598B291294E17E702D14C5B3CBEC959DA7C407635695D69D0B15361080C50F27BFD1BBF8E73A34202A2BC6B10C01E2C4F082E5FBAC9EDB4581E2A35DF
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-CGC8A.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):881152
                                                                                                                                            Entropy (8bit):5.924354321034631
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:pYokeHxu9YVgGKOUSJ6mfnu5GU1+3iKmnxj7sQ:eaXJ6mfnWGUeid7
                                                                                                                                            MD5:F48FCA997D3648D4A62DC30D9A28EB1D
                                                                                                                                            SHA1:145E2CD4CFFC7A4EC33AFA065EBAB610EB153AEC
                                                                                                                                            SHA-256:782EE209C55B138BF6659EA10E4C720F59E70395245519E97349CB5CE7A8282D
                                                                                                                                            SHA-512:92883CC71A8CBA679D114B39A129418B4D4621AD8875D5CAB09DEC84EB43ED7059D99704A7C022377BD1B2E838331F5EE55B534F6B3FD5556F769A3B4D1BABF3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-COTNB.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26624
                                                                                                                                            Entropy (8bit):5.838759953073056
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:gm4S9ibpeqJMPqvdiov7ACXrnDdUELTlSlV8115pQzmPAm/4Wa9:g3pe4MPqN7zDyk57V/Na9
                                                                                                                                            MD5:B8EE3DE827C9828BFC4CE2D1232110A5
                                                                                                                                            SHA1:0A017AAB404C48F9F11B3E7E0A29E0C558E8CCCC
                                                                                                                                            SHA-256:6B007D59CB09C077E94BC32EE74B3FF03AF07422DD50B40D2CF39573140022FC
                                                                                                                                            SHA-512:13DDA00459D9FA07D8123A5B100D9EC1B046E470D978E37A769308424C3986BFDCEE5515CD32FD7B14B8EEE3E9AB4DED1F0AE5939522926BF7A82DAEB914123B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-DISHG.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35904
                                                                                                                                            Entropy (8bit):6.325752549932404
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:C3KRGekDsRYiT3eLEDszDKYhpdU+Vt9klH/nBxQ:XRG3IOY3eLEj2pdUWkN/nBxQ
                                                                                                                                            MD5:1BE5FFCA9BD7F3E8761574783605C7A8
                                                                                                                                            SHA1:10715AF2097136185EFB665817213374AE865C3F
                                                                                                                                            SHA-256:69E686E91DEEA8B0671FAA31C3AE00B43A99CD124CB0B524BBDD261F81A4507E
                                                                                                                                            SHA-512:645F85DF8A8B05E2EBE69D53B3C1DDC852C22EB8557118633A46D0189BC714DA156CCDA453A4C9BF9E0FA1225CF971A65BBAFC77A47D650A336D81AC99CC8A34
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-DITGO.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):45944
                                                                                                                                            Entropy (8bit):6.208809961697658
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:I0Nb6qNYa6o//SenaEyZRo3WtMhJROszwe/qpq8Pr6S:I0UuYc/yuWtMhJnzw6qpHOS
                                                                                                                                            MD5:BB4D31A3F1970E1D649DCFB5D1E8EF9A
                                                                                                                                            SHA1:95EED2ED63686891197B482EBED0A28F22AD476A
                                                                                                                                            SHA-256:565264E1207C4D18C04A2D1A58D2D28B75D7C9E073C554AD2387FFAC6D16C227
                                                                                                                                            SHA-512:15D98DA4F2FB96E88B204DD1DD93DA1497126C0AD8D53004FD7C9E672E56957836A4F31D73DB761972CD0A68DAE08C4F27E42809BAF9693004B5723B3F522EC4
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-DP93Q.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12800
                                                                                                                                            Entropy (8bit):5.29030048478792
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:UoO+8wgx+LuWMP9rhEx4xzUH95Gx0fDXn7fDFcsQQin9R3r/vAGVW3:HOqgM8JkSYHQ0rXjDFcHTm3
                                                                                                                                            MD5:3376E355531CE50F02E632053AAEFE9B
                                                                                                                                            SHA1:5F3A8633A2139FAD6E6624E65CA7EA677B484A1C
                                                                                                                                            SHA-256:79E71585B1756758EDB4300D4CFE4FC2784C6AF0166793D099D2FA73D7C73D4D
                                                                                                                                            SHA-512:2F54C1FC5838C6E0549F045E7893B0635927DFE57C65A901F5EE7672FDB2B49C5BE3A4134E15F1192147806CBB4D469B3E8E2867AC927370D60989DE7DEB0C76
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-DQ7E3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2644108
                                                                                                                                            Entropy (8bit):6.392150225253697
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:M/bMELtKnwSaPuqrUJlORnUjzV8VkLwN1:MjMzVPeVCM
                                                                                                                                            MD5:CF6FD3CC555EBF2E65979C62867292BE
                                                                                                                                            SHA1:4851181A1B95A642E8998D4856A3C4D467D156F0
                                                                                                                                            SHA-256:DB8FBADF04F952E4EE359F756E7F755C3C56FD2EDC3C3680D7365C6A6AA12334
                                                                                                                                            SHA-512:1280CF1716909F5056C5D91FD491D888CDCB94D9D7CDA41F1F25813797F416966B757F905B350B41EF5BFFCDB11D76A175E47D42E4D8FD38D6BB565C2003E2E6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-F57UF.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10326688
                                                                                                                                            Entropy (8bit):6.269143753308119
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:g7UPty2ACLA2cliXUxR0jHz93Whl96p6VJQ:V12CLAZliXUxR0jHz93Whl96p6VJQ
                                                                                                                                            MD5:65C6337820FBE9BF2498A9395E3B20F2
                                                                                                                                            SHA1:5CC62646E6C73B4BE276D08719BC5E257AF972BB
                                                                                                                                            SHA-256:33DA1CDDA18EAEA52011D40AE9A610CAC9F6466156E9803891EE77294607AEE4
                                                                                                                                            SHA-512:4800F03577A46A98A4BD786DC37A380F4169540E243FDB7835E3146FBA0D0E1D07A7E3EC8CD23566FEB00D204D582D678698AE61DB156339FE56229DE0B267C9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-F8PMF.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38776
                                                                                                                                            Entropy (8bit):6.2179888581449445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:BYPfq/YvtCSMI7bPWcMOKRgHW7dtVjBB+vvi:GHq/YvpPWcLKhXVjBMS
                                                                                                                                            MD5:32344C4A2ADF49250DC6E641AEEF0467
                                                                                                                                            SHA1:F1D0325B897AFC15C7BDA9BA3464628244521694
                                                                                                                                            SHA-256:76C199FAC18976B62780C83BD82205DF54C716D97AA2F70A4E3B46B63F68AE7F
                                                                                                                                            SHA-512:085AFDC4C3B58462C005E68A0C5F5C1F9699F5904D4ADD1678366A5EA3AD440F2CEA88209739E243A39475EAFDEEDCE1BC838923A1E2BBC676B089625780F8D9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-GHBQA.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25168
                                                                                                                                            Entropy (8bit):6.3627509599315815
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uj7BTKOTXn+wwH+dM7ACEUIMBPGXel+Zr3m7zWiGLWcc4HRN7cMJglx5f:uj9uhdedM7WMB+Lr3mCxBf
                                                                                                                                            MD5:FB08199BC94EF1829EBC1A5105917594
                                                                                                                                            SHA1:8538C7CB6F211DDDCFA2E50D843C83AF55FD7847
                                                                                                                                            SHA-256:9C4D59F5C74C6C2C3BF69FB1E5707B04EAB14B3311C89B974142FDEC88BC44B8
                                                                                                                                            SHA-512:E589D56CEBD4E5E104DBF8C760FAED7444158FBF41659CE739A63093FAF5CEC6AEC4983587D6F89E78400CF22E322217D81A638DC3CD7FE90BFC74A5AF9E4A15
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-GJVJG.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):109914112
                                                                                                                                            Entropy (8bit):6.6613981795901775
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1572864:ncMJN3MclRBD5qBp7zMHzDvAajtA3Mi6KLYn:ncMEzex
                                                                                                                                            MD5:FD4B739F87A99837E8A41ED49B46345D
                                                                                                                                            SHA1:01755B82ABF214812EFC7C5C045852109B1D142F
                                                                                                                                            SHA-256:695CBDA063948E26110D2E26D499F41DAB1EFCD370BE6BF93BFC9DBC2D678128
                                                                                                                                            SHA-512:55EE9EC8931DA9247C78E813257568029614A425F74CD62810DB068C362414B6EF3FC7672148273B6BA4882D8C3338C1DC68B6C94EDA3C3F35C23A903F9812F0
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-GUSEB.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):799744
                                                                                                                                            Entropy (8bit):5.919811694140243
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:gPxxbVMrKUhdAnhC+Sv/f6aPeXmryU29p2k9osf1eFlf/n7ok:3hv+8LKmsPosfEFtj
                                                                                                                                            MD5:44FC26AE3F77101EACF851F53AA1E64C
                                                                                                                                            SHA1:F129F58AA70CF1EA7741BE1C7848062E515D6773
                                                                                                                                            SHA-256:FB884DB0B44F47DC451D9729FECAF6AA9DE61E757AA4EF76381CA7006D55CBB6
                                                                                                                                            SHA-512:F690665B01EB4E292CE8E03169593FCBB44110253FC4A14510FF3081C41BD13A0538A9A805113F07A9FC11536B552B59C5548C25BA18C08E9738A3E7CBE0D8B8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-H21RJ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25232
                                                                                                                                            Entropy (8bit):6.672539084038871
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
                                                                                                                                            MD5:23EE4302E85013A1EB4324C414D561D5
                                                                                                                                            SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                                                                                                                                            SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                                                                                                                                            SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-H6OTH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22904
                                                                                                                                            Entropy (8bit):6.275240198358171
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:l+MB5Y53KF5Jilg6FJMzzWcaoWXc4HRN7XwTTXZlOYl:ldLEowpMEdBAX
                                                                                                                                            MD5:14A7A2B79865DE5C273B13583BF49763
                                                                                                                                            SHA1:34B5D578BD1C1FB0FD29ADBAF8E270909A803CFB
                                                                                                                                            SHA-256:E15127AFF5576B0C5C84B8E716BF3AB7C5C0E5F17764B6FAD45E88E781810284
                                                                                                                                            SHA-512:FA3E7550887133551094548D4E089B219F9DCD4FF07D3C9298CA85B1BE8ED3004A7643E03D1293D1A378345D40ED86FF7B44036B2B7B1D2D42A7DEB7BAADDAD2
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-HB3IT.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):43584
                                                                                                                                            Entropy (8bit):6.17781231838619
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:gNpHjW3XHbfZtbdWkbdWWbR3MNKRjsGVh0UBsr:QpHjSHbfZtbdWkbdWYSNsom0UBsr
                                                                                                                                            MD5:D195309528F364DFACD3BAE393EA08B8
                                                                                                                                            SHA1:763721AA95EB354FE7CB88AC5EADBF6D854BC5CB
                                                                                                                                            SHA-256:123766D210B9793CE76C2779FA87B3C8FE122A526FAA6D46841CF7CF6E5495FF
                                                                                                                                            SHA-512:332578FC59E8C518A0E45957D20A9A491B7D6D7567C1655C2F2FA5535450D2D9238B7937BA26B1EB271335E0DD605CB64768AC875EB0901692D021ACB1E344D1
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-HGG02.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41336
                                                                                                                                            Entropy (8bit):6.205278569786679
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:MIzPnhumTmOiRp8kwIsm9y7zDuntboCUGBUUH/UG/XBUUbTY4LUn63rdEgi5s+hF:M0PnhvTmOGw/gYU3rC1thtMU0MgBli
                                                                                                                                            MD5:AD750925D50354E9F024DE4CBF89D99D
                                                                                                                                            SHA1:5F59101AEAA143D2D13A2A5B70728304B201BD50
                                                                                                                                            SHA-256:733157ECFE5A2752DD50D5F4FDF688B2E1D016DA020D6969C20C5FDE050CF2C9
                                                                                                                                            SHA-512:A1A5B2D8C72CF794454FB781F09CE68B279B83CF57326FC3F12C0F4417D638A5ADE287477AB93A15440D804D0784983D61BD9538F77E11DC5D07E563E89561F3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-HH8S6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):48176
                                                                                                                                            Entropy (8bit):6.458269365822686
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:xlJ1Hi1Nx6XVuDw4nqRs68JNgN0xmJ5EkHioS7Fz+i3Bpbu:ZDwq668/gN0xmJacioS7Fz+GBo
                                                                                                                                            MD5:066A9401C103E215ACCFDE47E773DE20
                                                                                                                                            SHA1:9632667AACB996FD9C360451419BF2774CEA3436
                                                                                                                                            SHA-256:CEE2549E788831A5CF08EFE42D2691A41D300EA74150257BA94CE22B9AD54009
                                                                                                                                            SHA-512:3223EA6E89863639C61D3FAC47CA7BC71CC4146F9B793343B2CFD242FF741CBBFADD0581362A5786B8BAC8939936C8C5805AB1BE0D1CD573F18FB32EF171FCAD
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-ICEC6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19520
                                                                                                                                            Entropy (8bit):6.39262558975941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:KKL+sWRltgJDFwKsLNYoADzWif/WCBc4HRN7ylI5eGaL:Ks+ZODmKwNYoAb3BLny
                                                                                                                                            MD5:EFB942EDF1D49CCD20F900B0749D73CF
                                                                                                                                            SHA1:02640AD2D0578BFB0ADE2522BE39142857AFB15D
                                                                                                                                            SHA-256:50256A3A6BBECFDFCCE566A1B20AFBCCA45674641636F5C658B9446B582416EC
                                                                                                                                            SHA-512:27E2EA03A2ED6CFFCB01A156E7EDFC7A699EC4EEF4A96D2353B57F53EE2B10620DCFA876AB8B58F38BDF7594F20B6026DA166A2629449423C3D231516F9BCBE9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-J9C5K.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):414720
                                                                                                                                            Entropy (8bit):5.906769911995882
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:0l59QMLV6yu76jThLN2hWazE0a1nGEG2hJ7yvby/Ec8:S9QPZ6jTdNs/
                                                                                                                                            MD5:07809155502CA460862D6C3CD554200D
                                                                                                                                            SHA1:A648D3DCEAA0DAB29BDEB3B08CFCC05B816DD28A
                                                                                                                                            SHA-256:4AFA1EF0F2DF936FE2FF026D73B9630CFF0D567CB66E3E09ED94783C0D3A054E
                                                                                                                                            SHA-512:6314679BAB44AC165E77689EE8265F3687B8E7636A0B0FC688FC1B4581BA376C612E8D117DC50E8AE447A36E161167FA4B7D3365E9B92CC7D80F56A8B57D0E08
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-JBMKO.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88576
                                                                                                                                            Entropy (8bit):5.963780772452768
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:+ue37hNT6B4hno1LauL2K87jxIFYIx3ffRkNc+NxNrFaB:SNT6BbLJ2+nBfZkNjN7rF0
                                                                                                                                            MD5:A3571D57212D66885F7E19CA16C76D19
                                                                                                                                            SHA1:32017244672E20E5E99D35AA05907F835F1246AE
                                                                                                                                            SHA-256:4890F2BED66F98C4EDEF6174A9500A3B13D5A5419204003507468B45E946582D
                                                                                                                                            SHA-512:317BB735044B78603F8B2EC750ED98E240BA3EECA8F36FEFE47AF06B15975F402B6F5852BA8C5B8B345475AB3BDD9DC3FAEF17669A17FD028F0B9B1655DD67F5
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-JKD7E.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1625088
                                                                                                                                            Entropy (8bit):6.529811892106442
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:H+PCM/q8roxO/scjdY7mrGsyCuB5SDdrzYC:H+JZEwB
                                                                                                                                            MD5:A0D07D0E354C7760497EF7EA6227B937
                                                                                                                                            SHA1:10CFC3FF37B8B492A2130D1CDA2CCFA8788A9650
                                                                                                                                            SHA-256:F39FC4D52B3E9E1A8D30FB8E2FFD320C1B54A5D5C5AD2444E57F0B3642CDC05E
                                                                                                                                            SHA-512:908C234CB616EDC87A76D9153A6DA8F2A1013C477602EC2068DC598592CD1355569F42989B1F4B29AB43F9DDE3912DBFD9BFB01EAEDBF6960277D629F75E24EB
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-JUHGV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25664
                                                                                                                                            Entropy (8bit):6.321742244690199
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:IUUSzG5Eiqu07TKQ2Eqjy9gZ7cFq+33XBhzWcvGWCPc4HRN7gwslHa83//:IUUUG5Ezu0vKDEZjHnRnIBU
                                                                                                                                            MD5:3FC2AA5A1717ACCF911040B215BCE29E
                                                                                                                                            SHA1:4B70D0392884C1DFD5EC66242EF58F7F804F58E8
                                                                                                                                            SHA-256:8D0BBBD3DA37805186B4958E9EB8C7DA038A759176E26EAE64DBDEA75E535AD2
                                                                                                                                            SHA-512:C74240A310AD5F236A805B40C8C407F0BF501BA6664E259FFF610DEA0D0148628DF01EA96DD1D03A7C6CB01C7F59D374CB9B2E613A0B93813CC590AEAF0E2D4B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-KABB2.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):838144
                                                                                                                                            Entropy (8bit):6.026027954509716
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:1LNPjDtPnj13/PvaDh3sc1ZE2haZ9kyxWHSIquooUsQ:1LNPjDtPnj13/PvY3sc8ZxWHBooUsQ
                                                                                                                                            MD5:B70274014C925937F0F2E79DE6A17615
                                                                                                                                            SHA1:F0C7F4D5F977C99A3205EE5C1C8C838BA4A81BCE
                                                                                                                                            SHA-256:08F1F52716216FDBF4E918C88BEDD87C13D06D914E4F39673F2528237638107C
                                                                                                                                            SHA-512:7CB67D07C136F48231DA2A2FDCB7F93E8A63A391D09CEB56C12287B93A58E3FE9117313DA4578F2225B178ADB2BB5E0BF8D75D076C79BE7823CCD42389F5DFDF
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-KC69A.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):287384
                                                                                                                                            Entropy (8bit):4.549852703698328
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:nb1Od3D/b8dRmq0oul2c7/MHsV1kLAKzBb0ZvyPUQ+hw/:nb1+3DGmTo22A3iAKzBUQ+S
                                                                                                                                            MD5:7511021A587AAC7403B761017E7D65A9
                                                                                                                                            SHA1:49038CDCB26B4DCC37F017787265180478E894B5
                                                                                                                                            SHA-256:8C3EF771FA409881AC7CBAEFD0C8FFAAC0E998E0B6AA03F31DA954FA89C78A46
                                                                                                                                            SHA-512:F278A657113EF5A20EA741E86FBF3C413D097D5921512434C9367F053CB29A39D33718DEBDFCCAF973F80CC3DB8AF28CEA5FC436A93D4AD0F9C244B9CB256E2F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-KE0KN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):36416
                                                                                                                                            Entropy (8bit):6.181858754180119
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:HOBVTHyqXeGfbUnEsxaWYUeIBuiglpTcZZzBqyVO:HOvdXNN4aLUrBuiwi/zBqyVO
                                                                                                                                            MD5:30F911D2FF61105F7B5680006A9E4DEF
                                                                                                                                            SHA1:12285FFDA48A642F3B06B06CE73F79341475C006
                                                                                                                                            SHA-256:42BBC209A1A39F3BAB6652478DE1BC7DD240146E3B668D34253425EB663BCC4F
                                                                                                                                            SHA-512:BCC6E1B979A370D1E11083327776364620E7055CF21D05F56F5867839DE77C5C3823BD1ADF123865533263FE7766A6FDE6E66A55535C705A9097662E1181D463
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-KL16B.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):513536
                                                                                                                                            Entropy (8bit):6.025227663105768
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:YnfnRe200wJT4WQ+NOStYVlJHMGwH7fu:ODIrQ+NOS2HMGwHT
                                                                                                                                            MD5:047BCA47D9D12191811FB2E87CDED3AA
                                                                                                                                            SHA1:AFDC5D27FB919D1D813E6A07466F889DBC8C6677
                                                                                                                                            SHA-256:BC4BACC3B8B28D898F1671B79F216CCA439F95EB60CD32D3E3ECAFBECAC42780
                                                                                                                                            SHA-512:99505644D42E4C60C977E4144165EA9DEA8F1301E6456AA809E046ECC84A3813A190CE65169A6FFEF5A36AD3541EC91002615A02933F8DEB642AA3F8F3B11F2F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-KMV4G.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32120
                                                                                                                                            Entropy (8bit):6.2478121426070095
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:T3IDcGf5H2ZZ6X8P1Z4MPbguVJNMU0Ecd1z2jzJNStRm2ioTTNzMSbWlzWX+VkWY:bIDcUH2ZRXPsaS3JiANzzbWzIBNnD
                                                                                                                                            MD5:2CC772C2E93D19E28098E17A6A6EB03D
                                                                                                                                            SHA1:790B8F91CF0688B92152112305B9C076CCB7D889
                                                                                                                                            SHA-256:276C50519E010FAB6CAD092F192E470D07E44C633399A4BBE9303D9C9AED0A98
                                                                                                                                            SHA-512:980EAC653EAF674310B9CE543BFC967DECA56B3ED47B917E4916E7A7EED13584E05DEAA5639C2F3EB6E0671C2795E6948D1A22ADCA1D8AAECBE77696AA2088A3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-L144U.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):615936
                                                                                                                                            Entropy (8bit):6.0635112133926095
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:Ojf7oE4CA0e9shhGj85m/9YRM+dmyKYVqizvNfiXs:iO9IHmybq6i
                                                                                                                                            MD5:A0E5F46941452AC9C49C8F12B209ED0F
                                                                                                                                            SHA1:42D260BBB2644E5B67695E9AF5509FD7D307294D
                                                                                                                                            SHA-256:2E11BC177FC01DEA085FEF26CDE314EDEA059975B597827AEEC0B19BABCAB4AD
                                                                                                                                            SHA-512:D8296337F533115FAE262E87E8B64D6FA0E6B1D7E7F2E288618F6D7684A11643299D2E9449A66C3ADC966C18254B02DD17E6329B1C2B595255086BD1919C7BBA
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-LOTOK.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24952
                                                                                                                                            Entropy (8bit):6.190902286578023
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:TcsdCQ+/LO9M9mUy+UssKiGN5wKGG7LxRN9sczWid4WbWixHRN7Q0uw7lGsTd:TndCQgV9mUy+/LimAxicyTCG
                                                                                                                                            MD5:274F43F079DB665D1BBBABBF1A1BE712
                                                                                                                                            SHA1:208E2E7B3C3B915770B095C4AC0FBA6F80281FE9
                                                                                                                                            SHA-256:C25BBD7BA62A28424A83CB71470D0A9CBC98538D5601162013B0867E10C52769
                                                                                                                                            SHA-512:F7A4294B292FA35574467ED07CB2F797BF74BB30829355078748DBACE668C63F6EFC9092ABAC56A3AE9B97942634A81001F6324BFD1CF003A3BCE61CF9402D95
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-M60AN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):43008
                                                                                                                                            Entropy (8bit):5.767339638518941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cmvOuwGhG3cx68HmuN5NEV2NzungMqBK+MHN98sOYFUsTLMB1z47FrH0P3:cuE3cxRHpEwNzZBKbnMB54tU/
                                                                                                                                            MD5:EC154043DD58F7834EEB093BC4D0D7D3
                                                                                                                                            SHA1:052F320731F3F35DD10DE4149B27F0C8437A21D2
                                                                                                                                            SHA-256:4442104E5A3620B5E927B50C02325D4A2F873851CE73BD063B7E17F2A344BC2F
                                                                                                                                            SHA-512:2CAC794852CB182004FC01F7061563DC8512C60591E67249E7AA9F4FB4282DC71142AE36A371DAAD32FBA719A119055886EC8A63C31DACF0FC8EAAF7551D0513
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-M9O4R.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1750016
                                                                                                                                            Entropy (8bit):6.327861785609943
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:hGVdt3pp57yLfFkPPlDexecak3PLOiSqcDnKwJ++e6P4ZcVQC9AAorQKtO2kT62T:hGN
                                                                                                                                            MD5:CF23CC10046F463BA2F929B3491BE3CC
                                                                                                                                            SHA1:1763511C3103F191D046AE8A25B344755D042FF5
                                                                                                                                            SHA-256:E1C1C19DA47F763B207569EAAEC7AB26203720FEA2546178CF30630292DE22CB
                                                                                                                                            SHA-512:A6C190E8B9A2FB59174ABEF52CBFCDBAA4618019450E860EC1B490643EE26AB33C9352CCB376EDCC52EA1D659AC5B8FA8FA9560A25F616DFE098B7455118EE55
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-MVP0S.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):330752
                                                                                                                                            Entropy (8bit):5.817936874798756
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:upkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCrX:upkr2dY/aBcjJOBHOBIQBajMtWvoJiLX
                                                                                                                                            MD5:7684D620EFF7F6E94B0C2313AC5A93F7
                                                                                                                                            SHA1:CE010A06DAC5CCA2D717EA942F08F36DC610A2DC
                                                                                                                                            SHA-256:4FE6DC8020B0A822C5D3F00A7EF424C469D91AD801022BF2D59FD693D3B58FEF
                                                                                                                                            SHA-512:D99EDDA9D0D472C34C9F2463E6AE700C9ADEA64C6CDC671F69249B98C86D23BC9869930992FD293EE2F31520FF69B1B6FB38D3A4770FDAC808E41ED8A1B0642E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-N149V.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):79872
                                                                                                                                            Entropy (8bit):6.013999510296779
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:0QEJucQZ2jKBL3l9rHhB+BDrkJZMpFFJP9TApG4ld3Y:jEJQsjKbNH3ZMpD0pBdo
                                                                                                                                            MD5:ED06E5595F283CCE8EC5A7860154A67A
                                                                                                                                            SHA1:6F3733804D47FDD483754D5C63B7FF5B7AC23E93
                                                                                                                                            SHA-256:F15FD34E3D08FD9DF5C6AF573914392FDE4757E700F44D3A9BE99A269F6E1812
                                                                                                                                            SHA-512:5A59640BC2618C8BE3AE5FCB52A4B66AF12ED9868EA5C2D532B4EB8082B90F762C5B1FA89F766C0D440EE451BFA03886B3BFDB54809C19F610E14851D32CB28A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-N79BS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):864626
                                                                                                                                            Entropy (8bit):6.681385087704162
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:riyBDej/GHcSgEalEJxd0NvmdXWq1aSDQYaZMjXksICkoEkSCeYqnHgs4jTlpv3d:vBDej/v3fqj0o+Lgs4jTVg5u/oFRFMT
                                                                                                                                            MD5:065140DE55434F35F9C5C10764C29EE4
                                                                                                                                            SHA1:4BB734F61C04BFC68F7E15F128A2853A5F7649EA
                                                                                                                                            SHA-256:EF2C632CA52B27D464D6D3D8CD1B5B31B62B1102845682C680CD2BB102C5FCA0
                                                                                                                                            SHA-512:552E5F79A41E78AFD191394CB4CC5A8AB0EAD3A0EC1706066E85B4AA3F2A80FF0674DC8F9232A3F123C8C60A9E63D63BC84B79F7C357FF7C7A85B6C98EBE55EE
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-NPL4I.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):50176
                                                                                                                                            Entropy (8bit):5.699602888078426
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:eOvZcZ5ltg0F1/0Gz9k+aBkUQnv8TLg0z4S9lA:eOvZcZ5J/1Rk+bF8TvhA
                                                                                                                                            MD5:23AD60351E197A0F275F2FD37006897B
                                                                                                                                            SHA1:7CEB00C938886A8752F6FCD119EECA3D326F491E
                                                                                                                                            SHA-256:3E6BC9AB18CB6A563B1245A4BE83733D5212C33CBF6384BED22D20A67D6D1CC0
                                                                                                                                            SHA-512:43353174D1EAF073D6A40337F819D44C83D8762C768B4EDF458364B1900957A8CC78E404019921866E04E98B6C979686D618A8B9D5B1C0D3D0D48DF7EB0ED596
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-NSTA9.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):184832
                                                                                                                                            Entropy (8bit):5.785981035180959
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:oBJjiZi/XR43K75s0n2s5hbbIcnDEzIYt/hOYkJcyaHz6KP8ci:mNh7r2G/4zIsFYcdT6KP8ci
                                                                                                                                            MD5:73EC39B1C3F2676BFE0FDE1AC06DDED5
                                                                                                                                            SHA1:5ACFD02A7EFA7A19609602A5092D16E062899B23
                                                                                                                                            SHA-256:21FA05442B2289E4A33B70C0AA54B636675790CC1FD39C90C0719FC342CB1FE0
                                                                                                                                            SHA-512:CF8FFE3D6D40D6BD10A52EA46372DCED8CC6765F385022E4119722D0A431A1EC288FFF04D6BD969C83DE8FFF8327515A3168E1B49549FF1CF3B8A52F0040F154
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-NU1I6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33008
                                                                                                                                            Entropy (8bit):6.634125715396813
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:KR9PEIXHrMzTGaBb05Mlw065eUGef8x72tdGanWsJWXGtF0GftpBjOzc4HRN7cJ5:KRFRXAvGSYSbBE+c+iwzBc+Kl
                                                                                                                                            MD5:0F384AFCF671483188B9019D3B7457A7
                                                                                                                                            SHA1:79A73A170BA0596D8E84A432DD2CAA2FAF831BEE
                                                                                                                                            SHA-256:2C9CAD6410E37E44FA73CCCB576F418184F1AE5A0A257E165A136BDAA941A0C6
                                                                                                                                            SHA-512:713DFEA9FCAD5DD6924C3FDEB0D279D104C85DF5C12B2CA125868FA71A6F2DB14F098473233902D5783D8276369D6F9903AB4C096FC88DAEE10A84CBA418090F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-O5QOR.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):43152
                                                                                                                                            Entropy (8bit):6.137234963318556
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:GnXppnvYs47bNql0kevR9SDQxSWIfYYL8oRT3KI3lUlBmeEZeTfyDxdQocwc1fVZ:gXDQsPurQcR3y6JOnSHDYFD9VioLQJ
                                                                                                                                            MD5:7D3D14B0417A68CCDD9C51972FF74863
                                                                                                                                            SHA1:CEACBD53B6A02E1F7337A6B0058924E1E11949BB
                                                                                                                                            SHA-256:04113C8549185519F3202790CEB23DF609644872B9C249A56D2BCF59566102C4
                                                                                                                                            SHA-512:B2D133214F21D700E1AF0C248DCC11EF66EA6DA62043FF6D5E900FE2A1665D75583E4CD218526A146F2C62E22ADF4CA2FA3B8879AE0F5A2E515E2C3A5184CE9C
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-O72HK.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):83088
                                                                                                                                            Entropy (8bit):7.251887937703857
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ohk6tKfYMT5co1Qgnb2Az8jt/0GJDRJJlAtRAQRd6ZF:4bcwMeo1pbn8jt/fhjJKtRZr67
                                                                                                                                            MD5:532E1919F0A23BBB8B634B8CADAA664A
                                                                                                                                            SHA1:8E56B5C54784AB4ED038C606EBDDDE4C3A17DA16
                                                                                                                                            SHA-256:03C4B766A844CA448ACEC5BB2284910EBB531C33C47339758F123D11DBE0205B
                                                                                                                                            SHA-512:ED8D316A77F2B96845744ABB92C9961ABCEF6B8AFC01038575696A63F64E9C679555149E99B095194DDBAC4BC5FD9FCB146C5C48DBF3973D7FB0C9301B928AF2
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: SUSP_NET_NAME_ConfuserEx, Description: Detects ConfuserEx packed file, Source: C:\Program Files\Voicemod Desktop\is-O72HK.tmp, Author: Arnim Rupp
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-O89NV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33656
                                                                                                                                            Entropy (8bit):6.263639588321709
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:y8UwYxt9xxRb/LVRNhxHt516r4HNZ3LMZcaK2HeZLZ+TG/8j5xZjudhZHZs0ZmZD:lUwYbfxRfVRNjHDLtsE21SiUB72p8M
                                                                                                                                            MD5:390CBC5D82129BC6F4A816A7FE0D37E7
                                                                                                                                            SHA1:92B9AD43AFCC781D72334733D4ACBF87E84F2757
                                                                                                                                            SHA-256:B260E0C06E128A95109658C0E4F4A52C8C755DF52C0BF49E4166608ECD06C472
                                                                                                                                            SHA-512:48BC5486DA80BFEA8BEDB21EEB84174D3CA155A432711750D64C71EB3CCFCE5234668B23DAED66B5671167A7D5672862813F51FB456E754EE183C436D74560D1
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-OFKEI.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4648960
                                                                                                                                            Entropy (8bit):6.1584636055571815
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:1X9sdj3fmK3gdryZfhsMZSQNXDNkweUSTi2liVEz9a3y8dK2tbUHe:pCd6KArGCMZSQtN91UH
                                                                                                                                            MD5:ED8E4BD712208A08A1D73D1A716C7FC9
                                                                                                                                            SHA1:2330C672FD8F74264EDA78AD1F564BD6ED01E882
                                                                                                                                            SHA-256:F4973D169AEB453B4B75F6405894354FD498BA1F509B792EBF6018FBC90A4E30
                                                                                                                                            SHA-512:B5885E8993F2CC0C987D0F41D9A2DB73CDD3996CFCF83535AD9AAA9C6F012E78979B939A41D6B6FFA47A9D1D7938A0E7054AD1D92D49F8C4868C01F6F892B031
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-OGLK3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37440
                                                                                                                                            Entropy (8bit):6.081048090601344
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:23VVPCLgCcYGJiHB/lWnQV46YlER0+NUoiw+NTzW4/LWCdc4HRN7F3lvMhbAtTSw:CbPmgC4iHVYQVTFN+w+N5LBFI
                                                                                                                                            MD5:BD0CB2BC62A2485E93AA36FA6941C0CE
                                                                                                                                            SHA1:453CFC5D9A9CB9C54EC38FEF07D7BB3289484C7E
                                                                                                                                            SHA-256:4CBAFB5C80B11692638D857C0227429F56CD27DEE8FBF85B75CB1A98C8A86F84
                                                                                                                                            SHA-512:14C74166CD8F010CC6F0C496931E0AD11B9292E35FD3C899620980432C191EF4E44A44100D675B5D288BC779FE850E0727E161EE718CAA60D1FDE286BD65A8AA
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-OI1OH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):133496
                                                                                                                                            Entropy (8bit):5.832353582822319
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:JM4ktG1k6d6Lkm4B42T3GJnGyu73mVcmqqQg3+zoYZJaLM:CtG5EJH22Z+zVaY
                                                                                                                                            MD5:220971F2E846BE31E127F669D979396C
                                                                                                                                            SHA1:E12B22755C8182FFE2CE81FC742A28A43F583BC6
                                                                                                                                            SHA-256:0F181DADA69A149C7F79756813C5CE0545DD5EFD93B8C6A8985323BCD5291ABE
                                                                                                                                            SHA-512:08D0A0F60E80B04631A56AB3C5F48D79C6A1437A02F8C30CBA090B2DDBA05AE561794B55106B9A079EB2DAF0873400D60589ED4D499A92BA775C57582E576B8E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-OU5IA.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):45056
                                                                                                                                            Entropy (8bit):5.827848761463854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:zjwx8j4xcaCPlqxXukpnlMyYm8EQxxlq7kaz:zWCPQxXukpnoAYxEwaz
                                                                                                                                            MD5:95E7F2457DA5B9E710DAC09740C16463
                                                                                                                                            SHA1:1E81F71D1B69951517EAE13CF5E96ACD28FAEB99
                                                                                                                                            SHA-256:544AA327EA022E6A8046F2C2FBC822714415AED716F1F0EC37CC707043CD58CB
                                                                                                                                            SHA-512:97B14EE4D1FFFA4331AE911DDEB0DD4E2B8EB5DB10F3D2DDD8A7A3B562A0110C5BE19A72B3365D4F12B5B2543A9CE323143DC4A349C0481C93CF1C56E19BB5FA
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-P86LN.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26176
                                                                                                                                            Entropy (8bit):6.373614376396436
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:kfCpdoVDPMbHdJs2tIY+UMg3f/baO+U07zWX1VWWC/2c4HRN7v0Hll3t3Mma:rpduwBD2peM9c62Bv0HOp
                                                                                                                                            MD5:BA5145200FCEA6B50A2223F98B468BD3
                                                                                                                                            SHA1:7AF4F0B8A4A7B75763BBC72C5C3EDF3D85FD8A50
                                                                                                                                            SHA-256:5971CA80CF7EC34845334C9734542CD4DE2548FB15192A19E6DF3272019E6317
                                                                                                                                            SHA-512:3E442028CB9208B1925D53BC3F0146FA832E1A912B8C09DACC6B5EE419C78931E4B5E256D58299A3ADB9F54B2A66F24E454BE74017FD0F0E2FBE5B7E98ADA464
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-PAE5B.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26112
                                                                                                                                            Entropy (8bit):5.348439469346999
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:UB4DTQ6l1C38rsiLheQe44/gHwbdAp5QBHkIPkbhZPnL9etPLY2nc1j322OCt:Ul3NiLheQTUHgbr4tBMvJt
                                                                                                                                            MD5:7615C5A23DDD0F7B35CC2E5CBD602075
                                                                                                                                            SHA1:8CF08282C6F76715F9A84F86F54BFF49A8D4782D
                                                                                                                                            SHA-256:1A5A839A7AD5A822F8732F65E513639FA7270A8603DBB04440FB3A7562BF3AC3
                                                                                                                                            SHA-512:07D10213C9EA9457541AF01526E3E88EC9DDEC32EDF0BFD471B06D0FBCF2303E8E4633624EB184E090F12397AD8E0408D20BE06E172F1F0CBEA6FC0790962369
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-PKIO4.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3659767
                                                                                                                                            Entropy (8bit):7.084438561729492
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:8fqIhm95VTZGMRUYI5vcu2YFww/beubBoSxPoolWaPa56Mn6mfPe/i4g9vxWNl2u:2mjVOcuMnffmg9JzyCLd2f7J/
                                                                                                                                            MD5:3F25F3CB727EC8A91891F8EC21657212
                                                                                                                                            SHA1:09F37AFFF84B2445F0AFA8CBB803D53BADA62080
                                                                                                                                            SHA-256:F8A79E0F94E8A6EF849AED1910040C7D8A4C8A61487EB67163509008C9CDB33B
                                                                                                                                            SHA-512:C931C465C0BF1480978DF9EE192BC52BE82613707BD9ED813E7857A66C55386498825FA300F028AB59D0A64A1F7B5E3936ED777E97F1AEE42F9A2EF8FB68827D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-PN0K5.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28304
                                                                                                                                            Entropy (8bit):6.713739365832092
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:H1IwSyJfREPFp/yXOTF7ZWYYWmDNIam0GftpBjnaQHRN7uCgfl3:HFRJWPLaXuwDNViVLu
                                                                                                                                            MD5:A65596A77E2E206A84237ECE6AB21A1F
                                                                                                                                            SHA1:BAC34C8A68C12051C6F5395C5A759D7AB519A8BA
                                                                                                                                            SHA-256:72B10A7D404778FED460F3FF0204CF7E81A8A5A79C99132821928B63F6AE99CB
                                                                                                                                            SHA-512:E1FBEA6C58F246F71B4B6A754CC3BF5F0AED802BE6C9DAA35CA4EDDD0D6799E29EC3F64381F00F4F61330BAF6B641819BE4FDEFB9B869B60ACBED8994A407639
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-POGC5.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):352256
                                                                                                                                            Entropy (8bit):6.002808938229727
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:/6NChstDEP7Wvp2+j2AnOObGd5TQlencSEFUGLT8Ap6zOxWpoUHxFNFaFeFOFwco:CNChAEyvp2+j2AUOlrBtRWplHxFNFaFI
                                                                                                                                            MD5:99DD5DE4174BF7FD09ED3AE2C21FE8E2
                                                                                                                                            SHA1:A237230EC3AC2C4E3211B7FFAEC7E2272440E688
                                                                                                                                            SHA-256:A1FD117D427918D22DDE8FFDE74587F70ADB80C2FC072BC5EBF9E4C9B69F2933
                                                                                                                                            SHA-512:BD3573DA0678B9A248109D2AEEB2DAB2ED8FEED774593D23F59665B02FB37008A72ABF9265DCDF27F42FB55D5445D90C0B0A319537E3821580D0E73F287DD4F7
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-PVNDU.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26441
                                                                                                                                            Entropy (8bit):4.3770909281655275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uPqpLq3l5rwrlHNHF/BEzO0AYaqFicmgC97MXtTHnXH4T4y0zpQBtY8beNnyZ:1Jq3w9NHEAYaciczS7KFHX+4HCnY8LZ
                                                                                                                                            MD5:3A090B13252A9DEC10CAA783FCCEC356
                                                                                                                                            SHA1:AAAAD826F71FB633F99C59BC84CD5FE4E5BFA39F
                                                                                                                                            SHA-256:60562B2ACF34D8FCBF96026032D81D2A15358808A05F7A06E81DDE4E288F01C0
                                                                                                                                            SHA-512:03D5A5DD64F0F2E53932F2DE20F13A42699F57AC556B1D02CD2BB19ACE1F8840C915247B769F4FC5D00700679B38328939A037F55B4D308FFA0B323D09C04E86
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: .VOICEMOD....Terms of Use....V02.00 20201112......General....These terms and conditions of use (hereinafter, the "Terms of Use") regulate the access to and use of the VOICEMOD application in any of its versions and any other application, service or function associated with it provided by Voicemod, S.L. (hereinafter, indistinctly, "Voicemod" or "we") that is not accompanied by its own particular conditions that replace them. These terms and conditions shall also apply generally, insofar as applicable, to services that are not accompanied by particular conditions. ....The installation and/or use of any of our applications and services implies your full and unreserved acceptance of these terms of use, as well as any other particular conditions that may accompany them. Similarly, the acceptance of these terms of use through any of the specific options enabled in platforms and applications, implies full and unreserved acceptance of them. ....Users of the VOICEMOD application and services
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-Q84K7.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5970617
                                                                                                                                            Entropy (8bit):5.473868768610552
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:M6NjTLFPZAnks/kMZdvvVq7kHZdvvVqJ3FyyWzm7U9gU54WTl2Cs1y3JQkcDJMua:JNc8wX
                                                                                                                                            MD5:4D022280BD5A3310692D2A2B174544A5
                                                                                                                                            SHA1:DC275104BBDFE4AD6FA62B127174776548CAC86F
                                                                                                                                            SHA-256:4DE33786C2955E4897049DED56323B4470BEFD9FBCBF56C259614DBB77AA8672
                                                                                                                                            SHA-512:9F47AB4AA4FAA5284A0BAF7E60AD87F6CF70303B6C6042CBD4593A2343D5E60E0460A2BD3EF6C1140162B347E66C7A3841DBA5F87DBAF6EB7E21DA1C0CB42F05
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-QQLHQ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):74616
                                                                                                                                            Entropy (8bit):6.055068190568651
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:zOxjk4lYqDWOqzMV4dGcpoG0TtjO/ZqRSh0AAr1BKE:zOxjjlYqDWOqzMOQcqG0ZO/gRSxcn
                                                                                                                                            MD5:56D833CB79FA1BDE835EBA801899F55E
                                                                                                                                            SHA1:F04EEA7AC13ADF4224199D6362573B866E91EB97
                                                                                                                                            SHA-256:3FAE9FB43AD7C1CE9AC8D0FCB98CC893408F432D468CD6403C7C7D44C862DD5E
                                                                                                                                            SHA-512:1011803AD92CCF94F4118663D0A151AC7B1029752FDFFCB50EA24EB3042A86B01E2FC5D9D7C6C8D39BAA82F45167F8AA66D31D5605687B19B74354A61042A620
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-R5P2N.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):688952
                                                                                                                                            Entropy (8bit):4.950261714888103
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-R6681.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):337
                                                                                                                                            Entropy (8bit):4.9804956382798435
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/>.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <probing privatePath="lib"/>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-RPN0I.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):185856
                                                                                                                                            Entropy (8bit):6.12737629646961
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-RU7LS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20438672
                                                                                                                                            Entropy (8bit):6.485453032015043
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: SUSP_NET_NAME_ConfuserEx, Description: Detects ConfuserEx packed file, Source: C:\Program Files\Voicemod Desktop\is-RU7LS.tmp, Author: Arnim Rupp
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-S95E9.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):675752
                                                                                                                                            Entropy (8bit):5.942794049319361
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-SJR92.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):83328
                                                                                                                                            Entropy (8bit):5.040686282025704
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: @CommonOperationsU..(function(global, binding, v8) {.'use strict';.const _queue = v8.createPrivateSymbol('[[queue]]');.const _queueTotalSize = v8.createPrivateSymbol('[[queueTotalSize]]');.const _isSettled = v8.createPrivateSymbol('isSettled');.const Boolean = global.Boolean;.const Number = global.Number;.const Number_isFinite = Number.isFinite;.const Number_isNaN = Number.isNaN;.const RangeError = global.RangeError;.const TypeError = global.TypeError;.const TypeError_prototype = TypeError.prototype;.const hasOwnProperty = v8.uncurryThis(global.Object.hasOwnProperty);.const getPrototypeOf = global.Object.getPrototypeOf.bind(global.Object);.const getOwnPropertyDescriptor =.global.Object.getOwnPropertyDescriptor.bind(global.Object);.const thenPromise = v8.uncurryThis(Promise.prototype.then);.const JSON_parse = global.JSON.parse.bind(global.JSON);.const JSON_stringify = global.JSON.stringify.bind(global.JSON);.function hasOwnPropertyNoThrow(x, property) {.return Boolean(x) && hasOwnPrope
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-SUPD6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):58608
                                                                                                                                            Entropy (8bit):6.404279338029059
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-SV5LI.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5958288
                                                                                                                                            Entropy (8bit):7.10214435052139
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-TJ4FP.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):410112
                                                                                                                                            Entropy (8bit):5.820183981855288
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:1gFs+D5tE9vTPjMGKktC3hWg0D8ObHCmNA4CDGaygNKD14t:6Fs+WL03Z0vAhqayI
                                                                                                                                            MD5:799368D49236DE4022D232FBB6A4DE38
                                                                                                                                            SHA1:3E3181DCFC62A9067A0265385A6CD5E228626CE7
                                                                                                                                            SHA-256:0414C6CC3FE30F6BAF019E30148A6C841358B6F3AB570B4419812EB7350B6A19
                                                                                                                                            SHA-512:9BB4B681CACD1C1361080FD3E768EA524A11FD284EA9795E04A5173E1FF326BDA17C18DEBD26BD146F19EAEBDD10F6C275FE0B2DFCE88B601E9C9A2BB9FA91F8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-TLF4O.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24200
                                                                                                                                            Entropy (8bit):6.740208574629745
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:rMod1cH+4YaVWehWmDoWBhWYDpDzDm0GftpBjtvaQHRN7ElJ+/Zv:rWeIfDHNDhVibL4aZv
                                                                                                                                            MD5:5A1B13BFF9301F4623FB86AABCCC58AF
                                                                                                                                            SHA1:65FC65A675EFD3FF70363F7C1A6236DFEAC2D58E
                                                                                                                                            SHA-256:9C0B76C91580ABE9F08EBA1D85B54FF8AD319E28838489B405608026C0EC0E44
                                                                                                                                            SHA-512:4312C50150D96D487386C6160C1A684E5F07574215115E0DF6E0C1D51186051C48888C9B582D5F86634AD219A666B07E4AB3EBEDA3D38EB8947E3A5231254763
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-UKQ25.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5710480
                                                                                                                                            Entropy (8bit):6.729997897394985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:bx2kcStnODfrjd1fJ1LYiT6SmKnV+wpwfAn0SM0lIjHqn2wnzSi4to4TvnebAAAB:bxhn4zLJ1LYiT6SmKnV+wpwfAn0SM0lD
                                                                                                                                            MD5:6E18A3A8797CBEC9C7CC2A8871305DC9
                                                                                                                                            SHA1:2F70ED4DF7663199463C9B580C00A84856FF3F55
                                                                                                                                            SHA-256:D09FA616DFDB561B0BAC172DBB8798593ADC7A5D7553C22F49BA24E1E2BC25CA
                                                                                                                                            SHA-512:5D10BD9CA27977737289D6A19017C545BF7DE7C6ABF5EE614569FDEB96182CE6F5A16EBEA9B31A9CA319AD88126BF11F151B8A1695D55E9799DD71E98ADFC0CE
                                                                                                                                            Malicious:false
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: SUSP_NET_NAME_ConfuserEx, Description: Detects ConfuserEx packed file, Source: C:\Program Files\Voicemod Desktop\is-UKQ25.tmp, Author: Arnim Rupp
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\is-UV9S2.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):87176
                                                                                                                                            Entropy (8bit):2.557292416890197
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qU0/RBotFzbSVF7IHQlskYP2weVGicC19ecr2T6lskUu2weHGicC19Dcr2TnYCZN:u/RCtxbQ7qnkQeVnhokTeHnoKUjhS
                                                                                                                                            MD5:70B6B2ACE17E1422AB0023B65A4DE0BA
                                                                                                                                            SHA1:5AE3B138F402AA3319BF66F19A90E1F9B1100E75
                                                                                                                                            SHA-256:C00FD17F0FFCF45D86E25F60EFE0AE342130A7DD743F8B25D6905018903A1C44
                                                                                                                                            SHA-512:4DC8FE96BF3B3EAF60FB4C392F5B8D0AD6A15ECC0D8E8B5F7C3AFC447C7217C518633AE57E07F3A6C78B357CC30F47CE3E60D98C1436342EAA25AF6AFE0148D6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-0AI41.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):213275
                                                                                                                                            Entropy (8bit):5.472747756120425
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:W0lUzeSHWlkK+T3Ptw/6EZ8OTBXo3xqS8nr+W50teStmQ+DTsMNu:zSzF2lvKMJB50aDTsh
                                                                                                                                            MD5:E10095BA4E9D158A547B246BF543048F
                                                                                                                                            SHA1:6D800996B7AED2CCFD61F862F5972ECD863F301D
                                                                                                                                            SHA-256:8F43EB42C38244C127FF37EF97E234E06E0ED16E041B7EA7975322F6CBFD1884
                                                                                                                                            SHA-512:F27D13E69BC3D1ECF75ACC409F6CF593672D4DDC5B259FE067A1399180EDAC13DE2D1B7F0E93BB9FEF316AFC86BB0AD1DDA9FB34141C872FDD1D316EEE734C62
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-0E0VA.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):222492
                                                                                                                                            Entropy (8bit):5.251236782758598
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:B64IfGCdifD4f9cH6XNnJkksWM+oa/gVGNwDQFg3V2esSnWZ3S5AOoiXF0CzOZwS:B64I+CQfD4f9TxJmUNwDQFgGZ3S5fmHd
                                                                                                                                            MD5:82E0FB85C9B78351093DA5AE752A2988
                                                                                                                                            SHA1:849467DF01B5B214DFD5BDE4E6571DD68D368164
                                                                                                                                            SHA-256:A609C1D393E400634CEA090BEC73E952C0D248182E6D1745848046FADCED7D9D
                                                                                                                                            SHA-512:99D65D9F9900A60930C6D6D999E724877C68E2B601AAD6F20E962FB69D846BA79F04795C6B105041BDE1AC0479420EEE5361F3AC277C9A0A387D1485075D63B8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-1O99J.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):184212
                                                                                                                                            Entropy (8bit):6.71574130938633
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:H/UTYk3g3Aj1NPS/rkpEhwpI7zbQW/kni5mjUU3uRtedH7yQjd+vdXiPib5abD9J:8TuQRN6TXb5WU+svdyKMTl
                                                                                                                                            MD5:4CF02219A3829F1841F430527DA47BA5
                                                                                                                                            SHA1:7B77CAA9C113E815950835EA543F1C46638CB62A
                                                                                                                                            SHA-256:A08E74C73A327618104FD7BE45BE6359F0EE82A05EA1DCDF23DF3825491D6382
                                                                                                                                            SHA-512:2E9D1C6374B608A5211638BF4932A5B8A5F149D53837F9A4246F88B8C16CDE20FDDA4AB02D324FD3DB7870CD51115E2BDD9FE8D48EDF44BA9F88D80CFAD68C53
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-1Q56H.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):215681
                                                                                                                                            Entropy (8bit):5.445843629166027
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:Rf6mTFBFQzLxbIHTSK7vxgkL8Z6tu1+4AaJuk7/z0zCrI5REDusYXrwhwUhkZl4:Rf5zOL7qc4L4W5taQo
                                                                                                                                            MD5:5C58AC2F79555A9FEB5028A004280718
                                                                                                                                            SHA1:F9510A1E9EB748A1DA710568CFA7E8E7572C8F9D
                                                                                                                                            SHA-256:DEF5AB8985D837F6493BA46AB57A2C7D105396F660E0B6C1F468BBE6B6058FD6
                                                                                                                                            SHA-512:CB64B9FEC871491D75AE285EBA342D915B23461EFAE2EA51B215001EFA12CB1B7257FE067D485D73D5276341BFD2EE8BF5F83E6E45020A132865E6E341F9F5EE
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-1RND3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):227524
                                                                                                                                            Entropy (8bit):5.822907389925881
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-2G5U2.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):227745
                                                                                                                                            Entropy (8bit):5.6729252442833085
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-3605R.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):219649
                                                                                                                                            Entropy (8bit):5.392313416972976
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-3ARQP.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):226576
                                                                                                                                            Entropy (8bit):5.662476270754285
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-43RGC.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):223622
                                                                                                                                            Entropy (8bit):5.853804557991919
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-4691S.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):433963
                                                                                                                                            Entropy (8bit):4.416023403495144
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-4AFKH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):388334
                                                                                                                                            Entropy (8bit):4.839650247500967
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-4M5DM.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):212034
                                                                                                                                            Entropy (8bit):5.345562721033385
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-4QGIR.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):213458
                                                                                                                                            Entropy (8bit):5.5395530922461615
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-6PNUQ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):207112
                                                                                                                                            Entropy (8bit):5.405317166443281
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:gQyhkDXL+6p0z3J/lP+/mC3g+Nv4e6mZlJhkB0+a+57EwutVnhQ8TuvZSoktzrUb:gQyhMy6UHWtvO5t1Aepl
                                                                                                                                            MD5:EE5C1574D99F22BD073E313F74A7B005
                                                                                                                                            SHA1:3CF49D1A6C4EAD4DDDE1BDB7B47F27D396DEA174
                                                                                                                                            SHA-256:52D3C377728C5B1E04EF760E7F73E1A948F39E575718DAA1B2CCEC06BA66A2F1
                                                                                                                                            SHA-512:E83CC25FEAC5F8ADD571A0C6B0091B4253952AAD3F90EFD0C6FA1885A1871A59EB90B1897732D527772ED420320469F27F3C2C997DC02B517B52E170F1549F8D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-7FD80.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):181262
                                                                                                                                            Entropy (8bit):5.550867742212527
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:M5zxouk6QQR7Y8kdX4bh6/NL1zM89efrCOyyRqPjQ/TQn59EphfiB8sw5KgglY8k:mouk6/JgvZzM89efGOy8qz5pw5d5
                                                                                                                                            MD5:424663A523CE37F8A6087681FE3B05F3
                                                                                                                                            SHA1:C250B53402E3CA81A5B15B4AE9EFBE374D0B40DC
                                                                                                                                            SHA-256:A9AD65A2BC012CC22EFCEA44FF42DE06503043F7CE76CCAB8EDAA33456D339E7
                                                                                                                                            SHA-512:566ADF1626179BDB07615B63545B12DD304B7CBE43767E924A2806FA7FA8AC3B808A862375DD4723E985F15BA83760319A70C594E97934F91022446590FB10D6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-7GS7E.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):197834
                                                                                                                                            Entropy (8bit):5.46136579935785
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:15DmtixKqUrsSbOhlDZ1EPEzLkWJ1KMpIQoFIgRIu9QzaXIFqq5gNmKhCvF8eIXi:1pm4YOhlDo8qQgyxV5D2e5f
                                                                                                                                            MD5:3968448103F9D2FFA376D44F09EC3B09
                                                                                                                                            SHA1:11447469B1E2EA31E5E41175EACBF2688CFDCBFC
                                                                                                                                            SHA-256:37604F5A9BEAA114B1B72A94D868947B3CCC075CF1C6CCFBF52719CB9663C6D7
                                                                                                                                            SHA-512:D5A453918AF06D163E2588A2513AED689396DB0CDE8F92B23D0827DAED2834BAE5BCD9A873E0CA506B99B6EE85AC5924603446C38C0F4BAAD9496827D232307B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-7LGTS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):331863
                                                                                                                                            Entropy (8bit):4.857972381503547
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:03isBchA1mcECmtTDY3lwwCq4a3CUvp/M5I+l7dhNKpdPk13Xp:0SDyCCIF+p05IYdmp1kZp
                                                                                                                                            MD5:2C74AEE82345A042E0B20B04529B9F65
                                                                                                                                            SHA1:DE8301191E06A92FDA4B6AA0173D13144BC9D201
                                                                                                                                            SHA-256:164836B921FE78DD97D97F69AE63ED5BC84C24EB1C60978ABB1506FA53EC6EF3
                                                                                                                                            SHA-512:989131B1245308509B455AD02BD3CB14CE4602B51B859BEB349E0D4D213A4F48687947AC46D5C3DF958101017C06FB7C71CEC13D2488045329253C0F18BB7B19
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-7U002.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):179898
                                                                                                                                            Entropy (8bit):5.562438200939882
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:stN4O0pGfnwaYQHY3Hkg6cK0meM89emr32jkKNdsQ/TQm5UEpqBbBl3Q5ngglwVc:QKO/fnv4uJeM89emz2j7NZ5AQ55v
                                                                                                                                            MD5:2C4FF090C2235DF95B8C1799CFCCEC1D
                                                                                                                                            SHA1:1FDFEE5FDC8E4DC1BF797773A4C7B381640E94DB
                                                                                                                                            SHA-256:5519ED17B8DEEF30F441C2787A9F52FCB3DB68ACE2D619562E36F628AA2E805C
                                                                                                                                            SHA-512:3B60C15E534165CC9BCDD692C506A4D77B5690042B33E29C1FA27748B256DAC76B63AB5692C9F5C3E739B02A1190C435EE4EEE828673292D225E256F9CD189EB
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-8CJV9.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):308569
                                                                                                                                            Entropy (8bit):4.99767495715102
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:r+1f+7NED6HQaHJTdOWZpHuDGdfwXIeMHl/RmSwkBED4SAen6OFD2soo9RVAcR0S:r+uc6TT5PwYDvYjoFqM5yUQcut
                                                                                                                                            MD5:E6D8660B83E777DC84CA86DAB4276B2C
                                                                                                                                            SHA1:C38470C74EC5FA6C39C557A9AE1C62EA8C5949E7
                                                                                                                                            SHA-256:43044A0F8D2061E74409A4015258D16173E05BAB53C6C04602B34E5C9431F155
                                                                                                                                            SHA-512:21AA4D4DC988AF4C76E9614C3426568E6F0C00CD6FFE709FC92F929D1C3727B4403F40DE0537DB8DA80F1323A66669CA03AE4F520CC636CC24CFCE6D390C9C45
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-937OP.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):414114
                                                                                                                                            Entropy (8bit):4.419766342184668
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:vDmUCwsB8bLU2IQsDAhr09XpJnJcC9LGIHY5Ys+mJXIOwO3HV7w1pWRz8ZtEoL6:vD5D
                                                                                                                                            MD5:A7A2AC1B448E5E2A3841F971EB0F1765
                                                                                                                                            SHA1:77115AFC2AACCEAF7E06BFFA204636F5D43896DE
                                                                                                                                            SHA-256:82ED27A209D7D45FD6E5688DA0207E944D88C51B07EC8A4978B1CAB77F87A2EB
                                                                                                                                            SHA-512:79C61395E7FAC42C3A3E4B7BC4DFAD9D45BA920FDDE06EFEF5F565A9D8ADC023F5683C12A16CE3186A90DF9E56AAD3B21DFC56915117B08A4EC70B0565F93BE5
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-9DA2V.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):219794
                                                                                                                                            Entropy (8bit):5.783289640322853
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:N87jR7eGB8ujYFS4bUKvVUEWz4m5ZrxCoqs+64nxDi+LUYM:N8Z78uWS4bUgUWm51J4xO+JM
                                                                                                                                            MD5:5B6F6D2FE69903939C7D3F085406BB5B
                                                                                                                                            SHA1:3B458BE93A629DD21412C90261C6E0FC75884A01
                                                                                                                                            SHA-256:0692D7D108C7E903B4FC7A7F279E206EFD0C00D7B886C089360AA44A4A8BA354
                                                                                                                                            SHA-512:1FE5C2DC8093CAD399DDF61F6A5FB64D200ED1EDEF0CA4A4F50B424D301344A74C916ED11770E9E2AE003306BCBE75BF0A0426EDE28334824EA657316CD57A6E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-9TNNJ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):220145
                                                                                                                                            Entropy (8bit):5.449647718917739
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:OqU+En5TqMckANvsowKtcg4bQ3celEIWLM+evLbML0WTEuei3oqgRBtry251HV80:OqU+En5TqMckANvsowK+g4bQ3celEIWY
                                                                                                                                            MD5:F1FA1B7E5EC7C5D472C56EE442AAAC09
                                                                                                                                            SHA1:4E5A93371D8E69306FF7104EC9E4BA9F1E658DE0
                                                                                                                                            SHA-256:F5D70B9D5DF7F62FCAA2346BD6405E87299CE3D49A95FB1B36F9476389EBE1CF
                                                                                                                                            SHA-512:B7BECB133488B3311A0E59E261020EE65828D7C0608510F225AD44B5BC455E917613F88954B328C99CE3CA26F3F052AA90D538B267031FFBF3A349E57D7E3DC3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-BG9HR.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):212148
                                                                                                                                            Entropy (8bit):5.56060465441926
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:Yfb35zO3gNzF7sBLU0niGFlZ5h9dttJct7BheudqcRfDDL5NKXXtUDeDDEL9KM1M:YbDn8rMNL5XD3c
                                                                                                                                            MD5:F231C9DC36BBF18D831A909D0710E990
                                                                                                                                            SHA1:340B0FE0BFAD72027B5C4851AD0CDD1E88DB8F2E
                                                                                                                                            SHA-256:06A56A4655190B25B41D3D51DCE80D1060FE63DDE5C7C3C0858B6FFEB06FBC35
                                                                                                                                            SHA-512:57DBAB7F4A4E8C1CDA3E42C512D68BE49ABEAA22FDD13D2EBBE6028B4B311342DFB596984E922DAEDAF2F34AAA363CD59E70816969864017736FCA7A9D46475E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-BI396.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):354995
                                                                                                                                            Entropy (8bit):4.7504149843854595
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:gSmRxf37iqnq+sSlYhUiJGs/Y7fHKtAscm03IiJ6zJ155qtDSvypZu9s5XrhY81B:gSmRBriqnq+sSlYhUY/YfHKtA003IiJF
                                                                                                                                            MD5:285B973FD86C9E63FEE0C72A227E60B1
                                                                                                                                            SHA1:82BB3358F6404168A22618C666736D45B9652C15
                                                                                                                                            SHA-256:E3057F1085CC94A8A0BC5239C72D6A4E17557384A9E8F7DBCE43B021A962BC8C
                                                                                                                                            SHA-512:8EFD7A1F8850DAAC1824B01281B669DF98D075292BBFE6F61B5FDE2FFF92E027A058B332FB2F6F283B1439989EE0C8D1C585F4440B7A15D63B1B57522666652C
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-CA5IV.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):221281
                                                                                                                                            Entropy (8bit):6.155519808066964
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:57ORo7OetsqECFFFg+bpvzJIv7OcwqJ9m44+Z1b+65l7Ihnvg/TS1U:57iitECFFej1Z1q65l7Iho/sU
                                                                                                                                            MD5:391E1918A8A201B63036AEE1C0CB7FBA
                                                                                                                                            SHA1:CCF76DE8F9B8123534FDBC295EB611084827AE44
                                                                                                                                            SHA-256:03B04C6BBBB0E70A9C7CEF6BB77EE6B766851780C5B1A9703516257DB4F00DA4
                                                                                                                                            SHA-512:1C5AB8352ACB9B691BD4254D5E08AE876B292ECE4806CB4A00E789CA9119C0881F944855F8247F6EA22D0A534EF320923BE2E086642B44B8A7D8FC344043B55B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-CRPKS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):184050
                                                                                                                                            Entropy (8bit):6.711001547554978
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:uujw4XtNzPgDPS/t5lPpxs5nTYOEpelEKo423m5N/ggdSEIV6WUQlQ:Xjw47gDS/nRpu5nTYOF+K923m5T7WUQ2
                                                                                                                                            MD5:297EFCCD1B11EB2AF43E30B41832928A
                                                                                                                                            SHA1:68887DDD4DCB4AB75A1A4FA7148CE7EECB3B1524
                                                                                                                                            SHA-256:1A5100E638604EABC3B63CBADD1D33F2A9C7BAA9569194B56F59F03E07102173
                                                                                                                                            SHA-512:DE90BE89A2FAB8A8A878094330D307FABCFA64F3702907101008FDC64807CE767C7CC5E96F4A4BC3C29903BC8C5BCF6A55FA6504F75CCCA5EBF56A5E87EF1C1F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-D57G0.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):245342
                                                                                                                                            Entropy (8bit):5.84655311624166
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:EXa81mFdCS0DdP5u0WurPoAY5Qggzb5JGjGlbTT9TCE:631mvCS0DdP5u0WYoh5QgQb5JGjGxT9h
                                                                                                                                            MD5:589587701E3AC4D94877BA75A6C391B7
                                                                                                                                            SHA1:816C6A6AAB8F0FD3262E55EACB26EA7F02886103
                                                                                                                                            SHA-256:49A7C511EF83547B3E9CF7C9A9857239BCEEB3CE1ED14DC8AA6177F9DFD489A9
                                                                                                                                            SHA-512:9E053AD3EF0A8B0FCE6087ED5A9E9C3F391C15956F660F484BFC30ECCA8E9F6ABEC5F4DCB4DE2486C813C4D03DF556739F55302A12DDFFCFB336BEF182F6BFC9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-D5QI5.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):488193
                                                                                                                                            Entropy (8bit):4.350436198796433
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:X83ErTMygVps7tB1EPalPeYtyFtLT5eAyL68gTJw5xi6QWQeC253D/wwMaKZPbUs:sVUn5q
                                                                                                                                            MD5:B9F856CC8141183331C1ACDD3129907A
                                                                                                                                            SHA1:C5F840C16BBB8D881CBBE6DC5ECE0224A2B233FA
                                                                                                                                            SHA-256:ABE6D7FA0EB7F06AC6E707429FBEDFD1A613E8DB394FDF04012F0C43988401A6
                                                                                                                                            SHA-512:9ECDEDA4E35795D36A621272903A07E3026BCCA38205430410694E2C3850D15C2CCA3077D24C6A60B9473CDA78AA7EFD79AEF6281B19A1BCB63EBD43A1769E98
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-DFPQJ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):342198
                                                                                                                                            Entropy (8bit):4.942768074879322
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:A30yAhpet+mXsnIyXN2hncSwte8t1C6RS6xJkQzNLPeXh9eHUqf3mKPzawxHKhPh:A3nAnet+mXsnIyXN2hncSwte8t1C6RSr
                                                                                                                                            MD5:EE0CD566B3F5B426C84B54A67EDD0FCD
                                                                                                                                            SHA1:B5E70099AB9221C7B48172615E90EEC4651BA962
                                                                                                                                            SHA-256:39282765B55EFF0CA9630220B563706E433D7CE8C2135D8282FED9C6F099B4D2
                                                                                                                                            SHA-512:C431AE6A9D872735089F2789EF2F3D070BD2B684429F112E6AF4100C135FA4D2513A4F2E9CC181489196CB48AF44E1AA67CADECA514BD2543343AF318CCEB409
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-E1CDJ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):200631
                                                                                                                                            Entropy (8bit):5.312091386971175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:JoYA+HwGJtkOWkd+3XQWkxKRtV5I0CAj9v1LA225y+WzCgTVeaXF8ulP:mY7XtEkyKxofIrA9v1La5yxJh
                                                                                                                                            MD5:E983286AF56684AC8F86AF0FAA911C20
                                                                                                                                            SHA1:F321C7D05192A568BFA9A3F1F2E1E4F990CCB0FD
                                                                                                                                            SHA-256:590475F2A6700BF71AFC71CAFCFE8F8A8B6DADB97479F451CDB9A31DC40DC6DE
                                                                                                                                            SHA-512:2523F526189BA256E88321EC300BA4A70FC0CDC02A44F0303ACA328E8DB3882862FC797447139C35B79A20C46CD369E3C03EEFF43CA996078FFD4EC386728F75
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-ECM4I.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):545408
                                                                                                                                            Entropy (8bit):4.339298430593299
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:YImWQvJWPet4wEN2GIHX1lCnvQOW6x/ccsXAX2BdfQWc3iE5lkYrJXdbijOKcx1d:TdIQPetA2GIHh8TgcTiE5TKcx1d
                                                                                                                                            MD5:D98E2DD41A325C87076C53EE5DBFB288
                                                                                                                                            SHA1:AF5EE2F04A369FF547A302FC25D8A83625B4834A
                                                                                                                                            SHA-256:F40F81D87A618B7A09158141E6D9624DC020B0D4A7B665342D292C8F51756AEB
                                                                                                                                            SHA-512:7D6F23C8D5C5F09B08981C340E028BF45C7B9904C4FD3B78B87A79279E346AC676FB4561C7A0EFF64C45AEF5A742FC2D4971D8BDE8EB19487808C916933B1222
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-EO6S9.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):198993
                                                                                                                                            Entropy (8bit):5.567506225604513
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:UJ58GRmi7XhTuO2pcAYrmirf5P5xiVWaGIbC+tiLQkh:m8+miJuOMa5TCbdU
                                                                                                                                            MD5:E629BD51C67169A7E1906B2CA793051F
                                                                                                                                            SHA1:59BCD61F90A572EE04B653E380F7FB037558EDF7
                                                                                                                                            SHA-256:6E9382D6368BAA4B971AB76C719E2D823583725218E5F291F3AEBF6DAA3300CA
                                                                                                                                            SHA-512:B9DB237549AEA84C2EE17A20C0357785DC0BF0563C7081E8F497E26E8363B4AE089F57A23DEB3786D4BCC94B97F0B218E28E036054C56F08D6356B225224E284
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-G035B.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):220783
                                                                                                                                            Entropy (8bit):5.512968510461954
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:D+TvtQaR9gVcm9gjx3AfDoKesx4/X5WpI4tGQVQbOVPLYA/Djyp:DWLR9gvgjx3Ales2/X5H0dV/DGp
                                                                                                                                            MD5:7720A8B30ED4AD4F2066B24104A342CB
                                                                                                                                            SHA1:3715F4B689B36371BE57F8B3B428463B04E3D589
                                                                                                                                            SHA-256:9FFD87766181BF1302F0BC8C8426E247AA7ACC770F2DE7F92E8B248ABE7C5631
                                                                                                                                            SHA-512:E7BC6E12737AFFBA1A2D3B901D16801428EC379C249389B11B9681CEEF12771AD1EEBCB982AFA4E463321F28EDA791A42D8D27C5DEB74DE1B733364952C3074B
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-HJ5MA.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):263008
                                                                                                                                            Entropy (8bit):4.796252414879489
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:GhNdH5tzZ6vG6za7VdpgCmI8lRj3ESnBTm8d6VgKabMD5mSrzk6e5TyXTp7IBcIz:G9zQDGdpgCT/8d6VgKabMD5nP/e5TyDq
                                                                                                                                            MD5:6E006E508B9CE1D625CD9C834FED3ABA
                                                                                                                                            SHA1:A3DE5BDE7F03F3CE7A49D8C9C3D222D4F1B92E33
                                                                                                                                            SHA-256:3EEB1A743C54F0E182C2A03A6CF496A6CC6D3DBDA604F8A78718C19A5F6172B1
                                                                                                                                            SHA-512:06ED0C3D1CBDF518AA7ADC233AE3AE55D7F1B70F37C390368B29C056BC8222B1C0D6BEBF7D2F4C627F3499416AE50CD62224B3CD2BADDD790539A3B31A49EDC6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-IF9F6.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):311518
                                                                                                                                            Entropy (8bit):5.1169741209646125
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:0xnYXyHMYZyOSaWb5wDfc7K6ZY3n+IL3CSINN2Dl8thiYA39J+efUZFanoaLe9qn:0xnYXysYZyOSaWb5wDfc7K6ZY3n+IL3V
                                                                                                                                            MD5:22DDA179D05BADE04D98CED496E994A2
                                                                                                                                            SHA1:C3252469CB0704118DC87EFF963730786EDE9CF8
                                                                                                                                            SHA-256:563B5A6997CA4E8AE8EDBEB9DE717B218B52194D90D564A8645244D1550D5356
                                                                                                                                            SHA-512:9DF01219047F6EE4D4369E7A02F390796424618C9084B04C3EADDC27E617870A308E7FB3F04F05C081B0B5A9F260BA28CEB75F0B622F2FEB26A877B9C1507E6C
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-J61OM.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):440783
                                                                                                                                            Entropy (8bit):4.390030688606769
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:LiKwB/ykyM0y94HH03lJPFcQ+PE4L24Nz3JdFZSZhHJm3PbtftP/DYEYwC2BH77o:3wB/3tRs7BTi6xe/5sk7h
                                                                                                                                            MD5:199689E28DA8A80779A91E30B39DF841
                                                                                                                                            SHA1:F5B0DAA6B06102EB7CB8E0D3A2B8A7CC8E4EB3B5
                                                                                                                                            SHA-256:CF3CD4A70EF84CA72DA86309997D2E58EE151C9E089232F18BBF81302267EDE2
                                                                                                                                            SHA-512:33586318407A2B997F60BCE4830EC5CD8F2DEA05536B421B6EC1667D4D823F6F02080C941AC0DF69EB10BFAD7E0811C373FA46B225D19E0008AC092DDC763DFF
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-JCPQ4.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):212733
                                                                                                                                            Entropy (8bit):5.654306457566975
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:T0UuMl4VYI6flLSHKmGhL4BpwO9vYpYxuilLeamWAKRDKe25V7KeY/SoYLmWhygV:GuHmL9FbLDK5a9gW5N+JwjB592
                                                                                                                                            MD5:A97382867A012148AEDDDD6EE3B15F3B
                                                                                                                                            SHA1:263531664B606FE910BA60E34D2FA588EEA940C6
                                                                                                                                            SHA-256:2C4A059C6CC812B64021246CE54A4D59D5F4E833C99216FC635B677C910AC469
                                                                                                                                            SHA-512:7D95B5249A0F98B63E847106F98253B8F9828E93643859E5DCFE7EC31D69243989DA465AC260922F4A8323A5C205975574FC5EC81F244A875401C01140681EAB
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-KLC22.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):346713
                                                                                                                                            Entropy (8bit):4.9603851961211145
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:TvNDIMFdPtq1PGnMQDohVgioiST4fZP50HB3IjqysLNiXEACq7MWxoQ:DND1TVnMQDWVKiSa50HB3IjqysLNiXEu
                                                                                                                                            MD5:03504CEDE03FEC5AB8FD8A192BDBFEE9
                                                                                                                                            SHA1:D4E839D8839A4E974D0AD0481516CDADB20CC22F
                                                                                                                                            SHA-256:F4CA39136C9EDD77F1A62719FAB1AD42606368206C7BFBF0D2CE272C4D04755D
                                                                                                                                            SHA-512:4B66F53A9B1C95B151B3DD8AEE1D0AC92CF5AD834197AC84AB1576E47FA0C127F312DAD7B4F550B32EB2E030FF8CA907287F1F8A7C9CCCC4E2FF8B8BD6F655D8
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-KTMHR.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):230497
                                                                                                                                            Entropy (8bit):5.688415641931208
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:Ox4qxLc4bs5T02R2v7IDxO40HACnr4dumXvlo1u5NtPN5ZSxXk5cemFY7pbi69M+:oL44w5tcX4sud8K5cii6/8UYoBmdpEkq
                                                                                                                                            MD5:CD57194B7EF91048147A697D9E05F13D
                                                                                                                                            SHA1:AF775FBF31FE24FF03D7F20E54A13EBB704B1243
                                                                                                                                            SHA-256:4AF09D06ED83D394B46168FA7D812AC765C7CDC69483F41BA5B96925CC687025
                                                                                                                                            SHA-512:EC899EB1BAAE304A80D3B7D0D0B4A4ECBFD61717580A836136C0630DC51AB274EAB8F47C1991EF4BA521410D95326F05F2618D37BE9B245FEB8BA59FC0E4DBE2
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-LAS5M.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):196109
                                                                                                                                            Entropy (8bit):5.515328922402482
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-LAU41.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):234784
                                                                                                                                            Entropy (8bit):5.427664019946707
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-MC0MU.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):216250
                                                                                                                                            Entropy (8bit):5.409310666517049
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-P9LUJ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):200457
                                                                                                                                            Entropy (8bit):5.506305593667926
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-QCHR3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):513725
                                                                                                                                            Entropy (8bit):4.137034430743283
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-R4DPQ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):263635
                                                                                                                                            Entropy (8bit):5.778437569667112
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-R7MKQ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):506652
                                                                                                                                            Entropy (8bit):4.30192063278737
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-S580S.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):218494
                                                                                                                                            Entropy (8bit):5.516547957390761
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-T1MUS.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):457090
                                                                                                                                            Entropy (8bit):4.354413694492152
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:Ql3VKqp1cEZP7e7PnxpDTv7Kk2E5YTrHf4g:Ql3cqYgOv7N51g
                                                                                                                                            MD5:1CD091C254F6C9C549F01E17549129F3
                                                                                                                                            SHA1:CAEE7C690B81EE2A39D806598891BBE419FED0F0
                                                                                                                                            SHA-256:A62F577569410E4049F79D08D53879F63A54FEDD2182D534D2DA51A772DABD2B
                                                                                                                                            SHA-512:F82136D291DAE41C1552ED140AB2889005BB4548B69BC02DAB45B50D47589B2561C6E187B7AC618FC58312EAEEA46587643A65446584E3C889D1A52B0B824CA4
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-TFQOM.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):444860
                                                                                                                                            Entropy (8bit):4.395789113611724
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:I+ykaHXU1YBuawHMkLUCs7gVKYRQbN/TaGn49jjJm3nH0I0UUVWUg8Gz0G0aXBQP:kEWOEk57Q1Ba
                                                                                                                                            MD5:55E07E4AFDDCAC229A6DC9681A71930C
                                                                                                                                            SHA1:C8E80B209AFF6C0672846E45A5CAD70E294372C4
                                                                                                                                            SHA-256:D82AA183B17C3118C5D4637C827F144320349B3F741B4E9D45E2DBB949EA3C16
                                                                                                                                            SHA-512:0F80DDB888D25FDA2486BF9DBAECF64BC3A6754CFF0813916DA8952B1B8CD28A3A0BC43D551AE86E451A8C0F01AF46C9D4FBA1FD5E777E1EB7A30B77AFF517D7
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-TV1OH.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):203901
                                                                                                                                            Entropy (8bit):5.3971465326087
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:Q6jO/7YnIdOYa7aaLsj35oDzGp5tJLHwC:TjAYzdo35Xp5N
                                                                                                                                            MD5:DDE1FB53C6D60EE9BFBEA56B10D560FE
                                                                                                                                            SHA1:E227032C65FD15F95134D5737D6A82153D64F88E
                                                                                                                                            SHA-256:3E589DCCAC1C2334B85D3F177722FD6F8D888C9E447911989AB3D07BF2565FA3
                                                                                                                                            SHA-512:E64993EFBF7551D4F2CBA1C670FB1D8719B6C227288AA1D5ABFE7120010ECA045B15193D6B6B2EC5863EEF4EB4942AFEB41E89BCB2B6F63BFFDEA3946E7752B0
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-U2ET3.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):193889
                                                                                                                                            Entropy (8bit):5.417598000601806
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:u/obUNNM6J5moL4KvbrNZ/WmRD1HmA8oTbbjQHvziOKrIplgevsmCTF5B6aj/d8E:uA0qqrxmHonB5BKOWtwsEa7a
                                                                                                                                            MD5:8F9985B0B7BCCD6C22A60A2DDF9F8B72
                                                                                                                                            SHA1:48EB5000362567230AECE13533A20201BC7E9DA5
                                                                                                                                            SHA-256:D08A7519762B44981D6D8CCEBFEB2D736EFBDC24AD3FFDDED15D7EFA443D2C8E
                                                                                                                                            SHA-512:3CA06BC1F77DEDE019B11225336ED660D8EFDFA24C7AE6C3DDD8C88BF6DB4DBFDA207676DFD1195948F64A8026AFEB0D91A55FFA322FD99289FCEB59E7B3538D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-VJQHQ.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):202474
                                                                                                                                            Entropy (8bit):5.45762263137586
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:4tHAZ7zVwWSkk2HVaSxhH5eN49g6YPW9ZF33Q+02aJYXZlkMrz9DFQZGtATccqz4:gCrr0aHQmkGZ5sgEzzj2XHhw37
                                                                                                                                            MD5:022CA5DC88A35BB83F9A0F34148A7FF5
                                                                                                                                            SHA1:A8E758C20BE09FB539F70A0808F16088D75F9412
                                                                                                                                            SHA-256:B78F9778B90BA923BC8866508AB0CD264965B1754E6FA1A9B0115B26D8C03C59
                                                                                                                                            SHA-512:B766C36DBD268F01B6B8771C35B62224AE3B3C1FC11269264E9A7A563D727DF4B14B43055B4900EF41F25E72A859D9B35829260985754CBA094BFDF193CE3055
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\locales\is-VL07T.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):309144
                                                                                                                                            Entropy (8bit):5.044227364542228
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:rnVTJwuHNKGzNw0C819TwwP3ee6unt5kgRNyPKRMt2b30TdhTEpTSeGHwduYcdUK:ZHHw+3GunzXw2xcl7SKk5ZNjS3HDjnjT
                                                                                                                                            MD5:346A05E1E727F648394DFC4FC0CAF272
                                                                                                                                            SHA1:488117B83394AC599F68D89EE6CB4AFDC101617D
                                                                                                                                            SHA-256:D218BED61BB4E7B3BAD7F4AB45C7BAAED247D9ADC926A51C11A1B0F978D72245
                                                                                                                                            SHA-512:7338BC976F7D663C29CA10FF4CD653FC3DA701C88D9CC613C370E9A46DBE0F2E3D4B6D6A3C2BDF492F21E134A0F3DC5D8076FEC17BE3584E1D9C786FF23812F6
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Program Files\Voicemod Desktop\unins000.dat
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):139613
                                                                                                                                            Entropy (8bit):3.8965383528981263
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:yBocjRk6l4spVxU9Ri4YeGMQwjsG85LWW+pUZgC5sVpN0esOpoasGjPkBcbYTv2t:koMRdfeiwjsG85LeU830GpAb2xSJR2
                                                                                                                                            MD5:B87D3459186F5B8A81567062D115CC38
                                                                                                                                            SHA1:9E20C77B323FD2BDA75762CE732D9652C48655A2
                                                                                                                                            SHA-256:AFEF2605BB3C07957203026AD47D06ED136669A0F27DA255AF203B83104A909E
                                                                                                                                            SHA-512:351BF04A59C6737981D13119760936483B52F476D0980577B43453762F71EDF7E78A49F967B8E1545F950FA57FAB2CEF9CBADF95615248DA9BE7E6775AE3AD54
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................lP.......}........3.0.2.4.9.4......h.a.r.d.z......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.V.o.i.c.e.m.o.d. .D.e.s.k.t.o.p................6...R.. .....:.....~..IFPS....G...8...5................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM..........................TFONT....TFONT.........TOBJECT....TOBJ
                                                                                                                                            C:\Program Files\Voicemod Desktop\unins000.msg
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23277
                                                                                                                                            Entropy (8bit):3.2719500437081046
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:J1EjfpCkf3STsfr69FTyPanTa1tznL7VF+Iqfc51U5YQDzU5XfbKJg/BYo:J1EF6ir64+WX+7Q1U5YQDzi7/BYo
                                                                                                                                            MD5:A4ACCE1E05A6AA265AC2B2F8F9FFCE6D
                                                                                                                                            SHA1:085617AD6CEA05CF90CFFA86B06E1E70C75E75C8
                                                                                                                                            SHA-256:DED9043A4DE93F1A7BEC57EF9A5CAF535A66837921DCFD7DB62AC9AA81037FBC
                                                                                                                                            SHA-512:0C4CA57341160C1B194934AFC9798525EDC0AA02C90AD460AC1E5F5F9978F22DC28230A0ADBB38074D12D72CDC8AED83E3E8882812EF597F499CD6A814796BF0
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: Inno Setup Messages (6.0.0) (u)......................................Z.._...dU..C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.
                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.chk
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24576
                                                                                                                                            Entropy (8bit):0.36205444996716485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:UtcctcMtcctcMtcctcMtcctcQtcctc0tcctc:UtTtDtTtDtTtDtTtTtTtbtTt
                                                                                                                                            MD5:353C0E84A6C573D30B15481706263B9A
                                                                                                                                            SHA1:4DCBF5ED97F1251EEF6E0747906368AB5639D0FA
                                                                                                                                            SHA-256:4412C6044B8C975D5BAB1F0E173339AE2A091A3B4D2DFBF771F1E9B854EF1751
                                                                                                                                            SHA-512:210B6E533923CF5F3FE255C39E1B2D243F675D2C022FA613E3ABD680FB552A2FD9079BF1699C91A5033AED47E29EE0191CF6E307429554A3128D2C009E047AFD
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):0.24026158820327892
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:bfQrGaD0JcaaD0JwQQP7Ag/0bjSQJa8tt4hKrls15llKrls15l:bfQtgJctgJwH0rjSua8tt4espisp
                                                                                                                                            MD5:40A61EC2CEF678B50C3AD684D9DEB501
                                                                                                                                            SHA1:7FACA87DD133E070F914CDCD1829AB2D69201512
                                                                                                                                            SHA-256:0F049C5171E4FAA29B62190787A4BC5D73BBCF6628D3908A4F46F1B61FACE08C
                                                                                                                                            SHA-512:3C4BBADB779365BBE9139C31EC09D9BFADEB159062A992107FFF741FA42D6D1AEE4BB3AF972140C3D33320F73118E92C4F631B8BE62E090765EE658AC9BEB093
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xf0b2c480, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):131072
                                                                                                                                            Entropy (8bit):0.09757040598018256
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:60+ZsO4bl39OKk0+ZsO4bl39OK9G0+ZsO4blMK9G0+ZsO4blMKS0+ZsO4blYsMKP:9rtxlxtgOgGfff
                                                                                                                                            MD5:6621A9C621945F44A93CAA6885E19357
                                                                                                                                            SHA1:DDCA33120F8CEB91DC2F2278DF86D0C31EDE6D9F
                                                                                                                                            SHA-256:318E1C228D37C4D1053105A01EE46A30BACEA4D25480E5EA77877247E6597722
                                                                                                                                            SHA-512:74434FC274913FDDB42B96355A39953714F335C8CC6ACDA2F90A05BDCC8A585DC4E446C73F698FA8D492B06A956DFEC8FB3FABE1EEEF4DCD4FB2AC0CEEDB65ED
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32768
                                                                                                                                            Entropy (8bit):0.1159384600812501
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:Btamyt4R+AlmyIMc26uRzs7JlA0ymyt+nsivlA0rm5lWnssymJlA:Lwt4Xedu1s9Yt+nsiRnsTm
                                                                                                                                            MD5:8090ED35A7938E076CBDDAA554820EDD
                                                                                                                                            SHA1:6AD2CC7D5579EB7608CCF126A42270DF5F4A7788
                                                                                                                                            SHA-256:0CFFFCAE733DA16438792F5BC7112A717CF0E609A24ABABBB4EDCE7C0485C3A5
                                                                                                                                            SHA-512:EA6538CFD571DB87E1AF68B6F5A19511DC7EE8773B0C14426DF2020B196A3C249617C671BCCA5B02EDE79FE64BE3E96595D102DBE30BC24DE043D56738AED4C1
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod\Voicemod.lnk
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 23 19:54:28 2021, mtime=Tue Mar 23 19:54:28 2021, atime=Wed Mar 10 17:07:14 2021, length=5710480, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):962
                                                                                                                                            Entropy (8bit):4.557589278043736
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8mv32bp7YXPU1hl+YudpF4CRRKAUmQGSu4el4OPjALubdp3jmTWjORbdp3jml5DO:8m+CYudxKAUh64SAWd9xid9F+m
                                                                                                                                            MD5:4F317F614D623CD028DBCACFE6951511
                                                                                                                                            SHA1:C3D0A988E002C022805A510B7F85F362A7D77DD3
                                                                                                                                            SHA-256:969B83EE10D838A7C88E41FB2293303F53412D0FBBF27A4EFDEE2A8A34666185
                                                                                                                                            SHA-512:BE31C34777504218FD1E547955D86434232EFE5342893A0F1155DB1BFDDB868717A7E2F236D9CE0B50E0AFA3C2AEBC7600B01E0BDBCD2190161E5C95DA4D06B3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\ProgramData\Voicemod\DesktopApp\install.info
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):61
                                                                                                                                            Entropy (8bit):4.7481313459658745
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:buLWG4/md5+W4Bm+FVn:buPqR3bn
                                                                                                                                            MD5:BD054845B198D786281AC17E066CE3F4
                                                                                                                                            SHA1:DEE6AA7DC84549471009BCF5F0DBC35BAEC6A8A3
                                                                                                                                            SHA-256:111B3185D16A5ED90BB9D825B6C43A932146E532623C6D880BA107EC7A01DDC2
                                                                                                                                            SHA-512:42FF22EA077E5AF8E3AA9BEF9F396616F5EA71D27F38BB5C6857DF99654AF02E7D9EA71B94F1D85D6799EBDD4B082E2532DD5EEF45FE7D5E8848D5A841A86407
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: .{ "installpath": "C:\\Program Files\\Voicemod Desktop" }..
                                                                                                                                            C:\Users\Public\Desktop\Voicemod.lnk
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 23 19:54:28 2021, mtime=Tue Mar 23 19:54:28 2021, atime=Wed Mar 10 17:07:14 2021, length=5710480, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):944
                                                                                                                                            Entropy (8bit):4.582007708946116
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8mv32bp7YXPU1hl+YudpF4CRRKAUmQGSu4el4OPjAL0mbdp3jmTWjORbdp3jml5i:8m+CYudxKAUh64SAYCd9xid9F+m
                                                                                                                                            MD5:F6DD435BE5F9F8D955FF2F034770C748
                                                                                                                                            SHA1:5A805A0F04F4B697479E3A83949560B743794EF4
                                                                                                                                            SHA-256:FBFCDCF160290A2EAA1929E23BF1112573B61DB1FFF4312754F1AE9E55B56EB1
                                                                                                                                            SHA-512:CD9322846944CA4AC40EFED25CF17414190EAB4772BA96DF9F68F6F4CCBE5FD87AA75B51A7CFB8726B6739AB3DD83FFDEF3B490986050AACF7F79DAA9DEEE790
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):0.10996796263044084
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:26+szXm/Ey6q99955Hq3qQ10nMCldimE8eawHjcUv:26kl686LyMCldzE9BHjcU
                                                                                                                                            MD5:F75F6E90D1D196B5C32FEF83CDC06D52
                                                                                                                                            SHA1:39E0BF45879F1D37ECD6A1FBBEE2347FF7167B4C
                                                                                                                                            SHA-256:EC41862D8DC604F83879920FA7237318F320FBC3A396261DD09633ADFB74CBF1
                                                                                                                                            SHA-512:94283AC72716AC249965ED5F18C4BBD7350D6F806C98728A547D8F563D7B1DA19A461B022580BF2EA0D5C7BDB6D67DA0FEE86F34547FE92B1C27F0C8D7E65FD7
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):0.11248420569098956
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:zlzXm/Ey6q99955gh1miM3qQ10nMCldimE8eawHza1miIhEf:zYl68wh1tMLyMCldzE9BHza1tIC
                                                                                                                                            MD5:CB274523B331F561F9A854FA54169A57
                                                                                                                                            SHA1:0A61C31BC3BAFD2E5AEFCB7BE97CDA5DB7C297A3
                                                                                                                                            SHA-256:1B837CD0BBC2D28468A447087790D1AFB0DC84B6D23F22B40A49429B015C76AE
                                                                                                                                            SHA-512:55BC656207710661707C0A12812F471138832C3FDFDD5CC332FD7BF6BBF7B817D40E72549FB9FF155E06E50A48196B10610DFDED1CF5FF6AD790DC994FA04078
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):0.11227232385731226
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1ldzXm/Ey6q999552w1mK2P3qQ10nMCldimE8eawHza1mKVf:1lwl68b1iPLyMCldzE9BHza1x
                                                                                                                                            MD5:E43D3587204ECA2980E3E2FF5F01745E
                                                                                                                                            SHA1:1B7244D8C33E855AC1C050AAA725B5DC0FC79BD2
                                                                                                                                            SHA-256:5ADF47798B3A2D4B719EE834BFF59B267A5A64739648718B6EA0F07A73D3FDC9
                                                                                                                                            SHA-512:19FF1AD6F8ACC63C11904D0065E492736565F86F0F5EEC9F863AB2C9FAB5D46C1266EAF7F097EB6E188BF01728516E02D780C60A753A3F12AB6BC903539FFC48
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\Setup Log 2021-03-23 #001.txt
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):96602
                                                                                                                                            Entropy (8bit):5.052813178579115
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:EMRHg+zy69iijgNnrgYNghyfQ0+90i6rjGcduSjwh:HRHg+zy69iijgzW
                                                                                                                                            MD5:5D140292E4EE0C3F1E63074CF4F42A9F
                                                                                                                                            SHA1:13481C0BC8D43CE2B1BF2A4D57A2E61D43F693CF
                                                                                                                                            SHA-256:7403B7618039EF8A7BA1CABFE02D7853017DFFF8BB6502C29027670300875D32
                                                                                                                                            SHA-512:1F2AC7A795C3C3874BBBD8A7C14A1F898A9C948C506EF545BC0AC9D0635C1B551A048A308FC043B6CFD2206407F8A862DB6E460EA35F42AFA11230183AB59684
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: .2021-03-23 13:53:19.850 Log opened. (Time zone: UTC-07:00)..2021-03-23 13:53:19.850 Setup version: Inno Setup version 6.0.3 (u)..2021-03-23 13:53:19.850 Original Setup EXE: C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe..2021-03-23 13:53:19.850 Setup command line: /SL5="$50230,66830058,819200,C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe" ..2021-03-23 13:53:19.850 Windows version: 10.0.17134 (NT platform: Yes)..2021-03-23 13:53:19.850 64-bit Windows: Yes..2021-03-23 13:53:19.850 Processor architecture: x64..2021-03-23 13:53:19.850 User privileges: Administrative..2021-03-23 13:53:20.007 Administrative install mode: Yes..2021-03-23 13:53:20.007 Install mode root key: HKEY_LOCAL_MACHINE..2021-03-23 13:53:20.007 64-bit install mode: Yes..2021-03-23 13:53:22.600 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-LK17V.tmp..2021-03-23 13:53:22.600 -- DLL function import --..2021-03-23 13:53:22.600 Function name: GetSysCur
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\_isetup\_setup64.tmp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6144
                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-bottom.png
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PNG image data, 690 x 83, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1361
                                                                                                                                            Entropy (8bit):5.365786780530033
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:T+3EtuflEpEMI427gdetEMI427gdetEMI427gdetEMI427gdetEMI427gdee:63EtuII427lI427lI427lI427lI427U
                                                                                                                                            MD5:A85701BBAC20A65391E4E202AFC96204
                                                                                                                                            SHA1:A0E73596A79BAAA29FBBB368BD132E3EE49D3B03
                                                                                                                                            SHA-256:7E3058ACB23E999D1DDFDEA122AFD33BC487B075C2A966AFFEEC4D38CDBB738F
                                                                                                                                            SHA-512:55B1015A0D6A613104AE7EDB64A59D198A176EE4FC0C32D9F1AF1E7AD577AF606ADF55EA5586AD25443FB9EA9E770DBC2267301027C1A5F3DB5EFF928086A27F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-inner.png
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PNG image data, 417 x 237, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):964
                                                                                                                                            Entropy (8bit):3.6275384204970926
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6v/lhPkM/CkdVR/C+fWw98hvfffffffffffffffffffffffffffffffffffffffQ:6v/7v6S/D982t
                                                                                                                                            MD5:4A1378CCBCBCF4A320BFC4D63AABEF36
                                                                                                                                            SHA1:8F17DC3DF0A7310AB4A3914A81B7F5576E5546A5
                                                                                                                                            SHA-256:F3640A78436C8F83C8B055C74DA597E239524201DF4AE6DB52A3141A1A47699A
                                                                                                                                            SHA-512:6800224D90FB8C00F31B51A485B90CE0FBC26AEA993484A148981D9EF41EE0FF712D43816C1F8EF8B511165DE70683AD98202BAF27D1A7FB9F31AA88FF17836E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\bg-top.png
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PNG image data, 690 x 413, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33528
                                                                                                                                            Entropy (8bit):7.836837631676318
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:VFCC0KTrl/RDVcBemW5iWJYIYVbAKrDMx5Ur94T1qkr:LClKTR8BemWHGVbD45N4kr
                                                                                                                                            MD5:DC19715992C0051D1456308B41F04E98
                                                                                                                                            SHA1:85ABF86DD0E738638FFF84ECD44E5B3CDBB4B96D
                                                                                                                                            SHA-256:86BFE5ACDA1B1FC9BC8F205A58C824AD58179925D2CEAE11B2A341122604457D
                                                                                                                                            SHA-512:2F7B3BFA6C084B830213996F7691B6ABCB9EFD0AC44DA4739972758B4EAB0478E46761D8590FCEA03D2902909C2C992F1EED1EF48E353A05BA67C06189D2117F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\botva2.dll
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35840
                                                                                                                                            Entropy (8bit):6.170138105760338
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:Aoi9qZO9Q4rAJa4debLTMkUuzXIu53w4eGlV:Av9qZMQVGLyu5r3V
                                                                                                                                            MD5:0177746573EED407F8DCA8A9E441AA49
                                                                                                                                            SHA1:6B462ADF78059D26CBC56B3311E3B97FCB8D05F7
                                                                                                                                            SHA-256:A4B61626A1626FDABEC794E4F323484AA0644BAA1C905A5DCF785DC34564F008
                                                                                                                                            SHA-512:D4AC96DA2D72E121D1D63D64E78BCEA155D62AF828324B81889A3CD3928CEEB12F7A22E87E264E34498D100B57CDD3735D2AB2316E1A3BF7FA099DDB75C5071A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\buttons.png
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PNG image data, 160 x 272, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2024
                                                                                                                                            Entropy (8bit):7.198821612945268
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:bdP0R7jtgwE+oD2h+clpipipipCJw6jX0AUMbfGdMbfG1EtF/:RPWgwE+ph9l444qxT0bMb+dMb+1Er/
                                                                                                                                            MD5:87CC673665996A85A404BEB1C8466AEE
                                                                                                                                            SHA1:DF01FC67A739544244A0DDABD0F818BD960BF071
                                                                                                                                            SHA-256:D236F88EF90E6D0E259A586F4E613B14D4A35F3A704FF559DADDA31341E99C24
                                                                                                                                            SHA-512:2058E3FD362C689A78FB3D0A163FD21BFE472368649C43DC8E48B24FA4BC5ED1307FAF1CAB2C351A4DD28F903A72D4951A72D7EB27784FEE405884661A259C32
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\idp.dll
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):237568
                                                                                                                                            Entropy (8bit):6.42067568634536
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:dnSx3lws+iWbUmJmE8dxMw7r+mjT5PbzEFwyGIyTcHY10tSB9j:IP0bUmQEUr+mRcbTx4N
                                                                                                                                            MD5:55C310C0319260D798757557AB3BF636
                                                                                                                                            SHA1:0892EB7ED31D8BB20A56C6835990749011A2D8DE
                                                                                                                                            SHA-256:54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
                                                                                                                                            SHA-512:E0082109737097658677D7963CBF28D412DCA3FA8F5812C2567E53849336CE45EBAE2C0430DF74BFE16C0F3EEBB46961BC1A10F32CA7947692A900162128AE57
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\vmdrv.inf
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9330
                                                                                                                                            Entropy (8bit):5.543048080369521
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Mq4tKHG5pWPl4yjr2K284I1kq4tKHG5pWPl4yjr2K284I1v:Mt8G5yl4y32K28j0t8G5yl4y32K28jv
                                                                                                                                            MD5:25C5C01A5E0ED4B569A4BC8B113CC514
                                                                                                                                            SHA1:A0B12490D34F93C344F7F2EEC4776DFD16691A21
                                                                                                                                            SHA-256:BC7CA0573C7AEF237D9080B69ACC04B50488C00681A745D3B978BF0DE6EE7847
                                                                                                                                            SHA-512:3A1BE11B3BB2A967674505D47DF34843CBFA595944EEBD78EC2F6959ECB1721C62BE7F8DD8B5B0098818F42D58F0E9BA89F7EC3E9822B235CD84BB2FD1B0B046
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: [Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%VOICEMOD%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 09/25/2020,2020.09.25.0..CatalogFile=vmdrv.cat....[SourceDisksNames]..222="Voicemod Driver Disk","",222....[SourceDisksFiles]..vmdrv.sys=222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName%=VoicemodDeviceSection,NTAMD64,NTIA64....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[VoicemodDeviceSection]..%VOICEMOD_Driver.DeviceDesc%=VOICEMOD_Driver,*VMDriver....;; This section enables installing
                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            Process:C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2644104
                                                                                                                                            Entropy (8bit):6.392149194331632
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:M/bMELtKnwSaPuqrUJlORnUjzV8VkLwNd:MjMzVPeVCk
                                                                                                                                            MD5:E34D411292EEAD40863949B1E6A88A7D
                                                                                                                                            SHA1:8C788F559E0BA898D6AB0744F5F46AE79CF815AA
                                                                                                                                            SHA-256:5B2C2A7AA2E59E16E953C067D9B36B35E239BCA0D91664C1B87F5A79E4BED3CD
                                                                                                                                            SHA-512:5BE05B19C5619B9AE90F66C14EDE6B5448C7AABE83EB587B21468FFB76C48BCA22312ABC415502CE4ADA406ADF4EDCFD04C53E1A883242BFE1906396AFF7EE4A
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Users\user\AppData\Local\Temp\tasklist_VoicemodDesktop.exe.txt
                                                                                                                                            Process:C:\Windows\System32\tasklist.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):9362
                                                                                                                                            Entropy (8bit):3.242699291244124
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:c9tmdhta0UooFZkZmb5ExTCfEpQSoo9Ysdc5bKkDxLcxkc23jEUIsw6GhNLYsr/e:c9tmdhta0UooFZkZmb5ExTCfEpQSoo9u
                                                                                                                                            MD5:4FA982F24760F6EC86A3799324F0C88F
                                                                                                                                            SHA1:F06F63A2764F84C1A60D0565FC9FD9893C7B6D90
                                                                                                                                            SHA-256:2798FC3D989E58CEED5D91323EFA760EFD490C54A6525EC26D93692A61AC4B17
                                                                                                                                            SHA-512:26CEF24C72AB3FB313320141D00A359C144DD1401CFCA849EF9F590A99C1D7D1FF342688784F56A42C474CD25377B195C2E0B36A403BA2BB82C0602CF549B101
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: ..Image Name PID Session Name Session# Mem Usage..========================= ======== ================ =========== ============..System Idle Process 0 Services 0 8 K..System 4 Services 0 160 K..Registry 88 Services 0 11,196 K..smss.exe 300 Services 0 1,160 K..csrss.exe 392 Services 0 4,792 K..wininit.exe 468 Services 0 6,408 K..csrss.exe 480 Console 1 4,796 K..winlogon.exe 560 Console 1 13,684 K..services.exe 568 Services 0 11,284 K..lsass.exe 596 Services 0 15,956 K..fontdrvhost.exe 684 Services
                                                                                                                                            C:\Users\user\AppData\Local\Temp\tasklist_unins000.exe.txt
                                                                                                                                            Process:C:\Windows\System32\tasklist.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):9440
                                                                                                                                            Entropy (8bit):3.24934756043352
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:c9tmdht80UroFZkPe/5ExTCfEpQ7qo9Ysdc5bKkDxLcxkc23jAUdsw6GhNLYsr/d:c9tmdht80UroFZkPe/5ExTCfEpQ7qo9g
                                                                                                                                            MD5:37CB5BA17DDB8A7618565DE837A23C10
                                                                                                                                            SHA1:6E51894729499BC2E09F6C026C6E11D663DFA369
                                                                                                                                            SHA-256:06693F5BE7394DD0C69D05B4D1226461012DEB4E0B515F9128A38E7A7E55A91A
                                                                                                                                            SHA-512:92091883222EFB05A0D9BFE50DB97C6D7A60ED3171B33C387A2333E0D416C109F6E2CE994F04D1FA6D1856661693A2EEFDFB34AB516C84B91E910D764AC5D625
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: ..Image Name PID Session Name Session# Mem Usage..========================= ======== ================ =========== ============..System Idle Process 0 Services 0 8 K..System 4 Services 0 160 K..Registry 88 Services 0 11,196 K..smss.exe 300 Services 0 1,160 K..csrss.exe 392 Services 0 4,792 K..wininit.exe 468 Services 0 6,408 K..csrss.exe 480 Console 1 4,800 K..winlogon.exe 560 Console 1 13,684 K..services.exe 568 Services 0 11,284 K..lsass.exe 596 Services 0 15,960 K..fontdrvhost.exe 684 Services
                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Voicemod.lnk
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 23 19:54:28 2021, mtime=Tue Mar 23 19:54:28 2021, atime=Wed Mar 10 17:07:14 2021, length=5710480, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):968
                                                                                                                                            Entropy (8bit):4.553038600370824
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8mv32bp7YXPU1hl+YudpF4CRRKAUmQGSu4el4OPjALImbdp3jmTWjORbdp3jml5i:8m+CYudxKAUh64SAZd9xid9F+m
                                                                                                                                            MD5:D5D0DB20866AAA629F21EED6A1430314
                                                                                                                                            SHA1:92AB3A19A8EA810A1ECCB2FA9A6FE9F2E0CD07AB
                                                                                                                                            SHA-256:0D281768ADB52643C1C377543E1424706E99B37EF26E1F1F49CE2090B666D308
                                                                                                                                            SHA-512:1BC38387F6932DD1B1F29E0CFB198F5910AA3EA8063C795D3E5ED6B0963383919BC1CE588AB8FE9B713F692F0C3ACEB765CCB85AAA414ADC9B4B5C459575982F
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: L..................F.... ...rX..& ..HA_.& .....2....."W..........................P.O. .:i.....+00.../C:\.....................1.....wR...PROGRA~1..t......L.wR.....E...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1.....wR...VOICEM~1..R......wR.wR.....7S........................V.o.i.c.e.m.o.d. .D.e.s.k.t.o.p.....t.2.."W.jR. .VOICEM~1.EXE..X......wR.wR......|........................V.o.i.c.e.m.o.d.D.e.s.k.t.o.p...e.x.e.......d...............-.......c............w......C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe..G.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.V.o.i.c.e.m.o.d. .D.e.s.k.t.o.p.\.V.o.i.c.e.m.o.d.D.e.s.k.t.o.p...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.V.o.i.c.e.m.o.d. .D.e.s.k.t.o.p.`.......X.......302494...........!a..%.H.VZAj......-.........-..!a..%.H.VZAj......-.........-.E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                            C:\Users\user\Desktop\cmdline.out
                                                                                                                                            Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):103404
                                                                                                                                            Entropy (8bit):2.1939697699379788
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:0PPRpx4EDwo6cQdULQoq7I1DWiLUaYNqEXG7gv0n57:03Rpx4Qwo6RLj8AO7g857
                                                                                                                                            MD5:13B275F308904EA1AD13DF9E5EF80D37
                                                                                                                                            SHA1:95EAAD74CB2B06DC4693BB550D4EA94F83291BE8
                                                                                                                                            SHA-256:38C3493801A5FB59C2AA69CA1824CE06B38C9A8F6C0346A84C8437DF7C3C372D
                                                                                                                                            SHA-512:9468E7DBFAD5081918282730A62305168325CCB9C675BC59060CC421CF402FE03C81537D3CA5DD3A568EF857319F39C5836A4CF7C037F83488F56449E5A9432D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: --2021-03-23 13:52:38-- https://www.voicemod.net/downloadVoicemod.php..Resolving www.voicemod.net (www.voicemod.net)... 104.22.65.102, 172.67.31.53, 104.22.64.102..Connecting to www.voicemod.net (www.voicemod.net)|104.22.65.102|:443... connected...HTTP request sent, awaiting response... 302 Found..Location: https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exe [following]..--2021-03-23 13:52:38-- https://www.voicemod.net/b2c/v2/VoicemodSetup_2.8.0.4.exe..Reusing existing connection to www.voicemod.net:443...HTTP request sent, awaiting response... 200 OK..Length: 67617568 (64M) [application/x-msdownload]..Saving to: 'C:/Users/user/Desktop/download/VoicemodSetup_2.8.0.4.exe'.... 0K .......... .......... .......... .......... .......... 0% 270K 4m4s.. 50K .......... .......... .......... .......... .......... 0% 800K 2m43s.. 100K .......... .......... .......... .......... .......... 0% 902K 2m13s.. 150K .......... .......... .......... .......... .......... 0% 6
                                                                                                                                            C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe
                                                                                                                                            Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67617568
                                                                                                                                            Entropy (8bit):7.999013509533871
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:1572864:4OZD5OQFfNDueTAdYwPKplE/J25iJt62mqskLux:4OjOgfwe8dYwPKpcJ3yLqskKx
                                                                                                                                            MD5:8199D89BD279D96152F4ABAC8655F0FF
                                                                                                                                            SHA1:DD6D4CCD3816A59DC6F6B01846D115EF20266F3F
                                                                                                                                            SHA-256:063C56D1BDADA9B648231293A3425648D540E31C16F77D77E3C57A69E6D710EF
                                                                                                                                            SHA-512:7E5A04C6681EC991CA8370597065F587AA10E6C4E16A575BE1A25B10CD6AEBD72228354F3392F5D874BF6E38A6D9009AF996A7B2CD3FDFB6F52DBAABFB2B3E22
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55
                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                                                                                                                                            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):906
                                                                                                                                            Entropy (8bit):3.146128763971461
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:1A6F1E2441051893856FC60F9D34EB92
                                                                                                                                            SHA1:81916CFC2A32AA41C8C4452FD6B03169A54ED65D
                                                                                                                                            SHA-256:86B309D31836453922D428D0145FD272FDFCDC53F55B057EDE549391E1D863DE
                                                                                                                                            SHA-512:71656EF4D1FAA43C5A5EB451E9A7503DF98FEF7D475D9A8EC76B02D6A149B4DF10698E8C97F3895B22B4D6915D88F39A9CB18DBDB6D09BE0E616450896716B27
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
Preview: ..-------------------------------------------------------------------------------------..MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable.. Start Time: Tue Mar 23 2021 13:54:25....MpEnsureProcessMitigationPolicy: hr = 0x1..WDEnable..ERROR: MpWDEnable(TRUE) failed (800704EC)..MpCmdRun: End Time: Tue Mar 23 2021 13:54:25..-------------------------------------------------------------------------------------..
                                                                                                                                            \Device\ConDrv
                                                                                                                                            Process:C:\Windows\System32\curl.exe
                                                                                                                                            File Type:ASCII text, with CRLF, CR, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2541
                                                                                                                                            Entropy (8bit):4.919745720266348
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:F8A64D28FA927E493E47B30F60966B52
                                                                                                                                            SHA1:75C57E1A0D4F259711848D39DEF47840793D2162
                                                                                                                                            SHA-256:0A9DB13F62238FD8706182E67D26EEA5FBA429DA608A090DF8BE17FA5608A850
                                                                                                                                            SHA-512:BAD0CCD38C4F5E38A4B0597033AA472453E96C50FE83EB567EDCE62B9C72069D4DC457A0F54811256D7E1C055FA8CF5556D39F2F05199EA00FD0DD6CEA0B5818
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview: % Total % Received % Xferd Average Speed Time Time Time Current.. Dload Upload Total Spent Left Speed... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 18.132.143.45.....* TCP_NODELAY set... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to wsw.voicemod.net (18.132.143.45) port 443 (#0)..* schannel: SSL/TLS connection with wsw.voicemod.net port 443 (step 1/3)..* schannel: checking server certificate revocation..* schannel: sending initial handshake data: sending 181 bytes.....* schannel: sent initial handshake data: sent 181 bytes..* schannel: SSL/TLS connection with wsw.voicemod.net port 443 (step 2/3)..* schannel: failed to receive handshake, need more data..* schannel: SSL/TLS connection with wsw.voicemod.net port 443 (step 2/3)..* schannel: encrypted data got 3372..* schannel: encrypted data buffer: offset 3372 length 4096..* schannel: sending

                                                                                                                                            Static File Info

                                                                                                                                            No static file info

                                                                                                                                            Network Behavior

                                                                                                                                            No network behavior found

                                                                                                                                            System Behavior

                                                                                                                                            General

                                                                                                                                            Start time:13:52:36
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php' > cmdline.out 2>&1
                                                                                                                                            Imagebase:0xbd0000
                                                                                                                                            File size:232960 bytes
                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:52:36
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:52:37
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\SysWOW64\wget.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.voicemod.net/downloadVoicemod.php'
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:3895184 bytes
                                                                                                                                            MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:17
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:'C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe'
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:67617568 bytes
                                                                                                                                            MD5 hash:8199D89BD279D96152F4ABAC8655F0FF
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:06
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:17
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:18
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:'C:\Users\user\AppData\Local\Temp\is-S9PGH.tmp\VoicemodSetup_2.8.0.4.tmp' /SL5='$50230,66830058,819200,C:\Users\user\Desktop\download\VoicemodSetup_2.8.0.4.exe'
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:2644104 bytes
                                                                                                                                            MD5 hash:E34D411292EEAD40863949B1E6A88A7D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:18
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:19
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:20
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:21
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:21
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                            Imagebase:0x7ff652820000
                                                                                                                                            File size:163336 bytes
                                                                                                                                            MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:22
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:23
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\curl.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Windows\system32\curl.exe' -v https://wsw.voicemod.net/api.windows/v2/webutils/getAnonymousId/?initialUuid=d06ed635-68f6-4e9a-955c-4899f5f57b9a -o C:\Users\user\AppData\Local\Temp\is-LK17V.tmp\deviceId.txt
                                                                                                                                            Imagebase:0x7ff7002b0000
                                                                                                                                            File size:424448 bytes
                                                                                                                                            MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:23
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:25
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_unins000.exe.txt
                                                                                                                                            Imagebase:0x7ff64f870000
                                                                                                                                            File size:273920 bytes
                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:26
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:27
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:tasklist
                                                                                                                                            Imagebase:0x7ff7a8c30000
                                                                                                                                            File size:100352 bytes
                                                                                                                                            MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:29
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Windows\system32\cmd.exe' /C tasklist > C:\Users\user\AppData\Local\Temp\\tasklist_VoicemodDesktop.exe.txt
                                                                                                                                            Imagebase:0x7ff64f870000
                                                                                                                                            File size:273920 bytes
                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:30
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:53:30
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:tasklist
                                                                                                                                            Imagebase:0x7ff7a8c30000
                                                                                                                                            File size:100352 bytes
                                                                                                                                            MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:24
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
                                                                                                                                            Imagebase:0x7ff793d40000
                                                                                                                                            File size:455656 bytes
                                                                                                                                            MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:25
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:31
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Program Files\Voicemod Desktop\driver\SaveDefaultDevices.exe' defaultdevices.txt
                                                                                                                                            Imagebase:0x7ff7f8830000
                                                                                                                                            File size:153032 bytes
                                                                                                                                            MD5 hash:CE0E059D4365C22F6F8CC1CE04FF5418
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:31
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:33
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:'C:\Windows\system32\cmd.exe' /C ''C:\Program Files\Voicemod Desktop\driver\setupDrv.bat''
                                                                                                                                            Imagebase:0x7ff64f870000
                                                                                                                                            File size:273920 bytes
                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:33
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                                            File size:625664 bytes
                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:34
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:net stop audiosrv /y
                                                                                                                                            Imagebase:0x7ff7f3b50000
                                                                                                                                            File size:56832 bytes
                                                                                                                                            MD5 hash:15534275EDAABC58159DD0F8607A71E5
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:34
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\net1 stop audiosrv /y
                                                                                                                                            Imagebase:0x7ff661480000
                                                                                                                                            File size:175104 bytes
                                                                                                                                            MD5 hash:AF569DE92AB6C1B9C681AF1E799F9983
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:35
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                            Imagebase:0x7ff7488e0000
                                                                                                                                            File size:51288 bytes
                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            General

                                                                                                                                            Start time:13:54:38
                                                                                                                                            Start date:23/03/2021
                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:net stop AudioEndpointBuilder /y
                                                                                                                                            Imagebase:0x7ff7f3b50000
                                                                                                                                            File size:56832 bytes
                                                                                                                                            MD5 hash:15534275EDAABC58159DD0F8607A71E5
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low

                                                                                                                                            Disassembly

                                                                                                                                            Code Analysis

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:3.9%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:12%
                                                                                                                                              Total number of Nodes:836
                                                                                                                                              Total number of Limit Nodes:33

                                                                                                                                              Graph

29954 4a727f 29953->29954 30030 40e844 SetErrorMode LoadLibraryW 29954->30030 29956 4a7287 29957 40871c 11 API calls 29956->29957 29958 4a729a 29957->29958 30031 40e844 SetErrorMode LoadLibraryW 29958->30031 29960 4a72a2 29961 40871c 11 API calls 29960->29961 29962 4a72b5 29961->29962 30032 40e844 SetErrorMode LoadLibraryW 29962->30032 29964 4a72bd 29965 40871c 11 API calls 29964->29965 29966 4a72d0 29965->29966 30033 40e844 SetErrorMode LoadLibraryW 29966->30033 29968 4a72d8 29969 40871c 11 API calls 29968->29969 29970 4a72eb 29969->29970 30034 40e844 SetErrorMode LoadLibraryW 29970->30034 29972 4a72f3 29973 40871c 11 API calls 29972->29973 29974 4a7306 29973->29974 30035 40e844 SetErrorMode LoadLibraryW 29974->30035 29976 4a730e 29977 40871c 11 API calls 29976->29977 29978 4a7321 29977->29978 30036 40e844 SetErrorMode LoadLibraryW 29978->30036 29980 4a7329 29981 40871c 11 API calls 29980->29981 29982 4a733c 29981->29982 30037 40e844 SetErrorMode LoadLibraryW 29982->30037 29985 4a7a2e 29984->29985 29986 4a799e 29984->29986 29985->29904 30038 40755c 29986->30038 29988 4a79a8 29989 407dd4 11 API calls 29988->29989 29990 4a79ca 29988->29990 29989->29990 29991 40b1a8 48 API calls 29990->29991 29992 4a7a11 29991->29992 30044 4205cc 119 API calls 29992->30044 29995 4a70c9 29994->29995 29996 4a701e 29994->29996 29995->29904 29997 4a7028 SetThreadLocale 29996->29997 30048 40a5c4 InitializeCriticalSection GetVersion 29997->30048 30001 4a705e 30002 4a7077 GetCommandLineW 30001->30002 30052 403810 GetStartupInfoW 30002->30052 30004 4a70a1 GetACP GetCurrentThreadId 30053 40cdf4 GetVersion 30004->30053 30007 4a7b3b 30006->30007 30008 4a7ab0 GetModuleHandleW 30006->30008 30010 407a54 11 API calls 30007->30010 30054 40e4a8 30008->30054 30012 4a7b55 30010->30012 30011 4a7ac5 GetModuleHandleW 30013 40e4a8 13 API calls 30011->30013 30012->29904 30014 4a7adf 30013->30014 30066 422c38 GetSystemDirectoryW 30014->30066 30016 4a7b09 30017 422554 11 API calls 30016->30017 30018 4a7b14 
30017->30018 30019 4086c4 11 API calls 30018->30019 30020 4a7b21 30019->30020 30068 421124 SetErrorMode 30020->30068 30022 4a7b2e 30023 4231e0 12 API calls 30022->30023 30023->30007 30024->29928 30025->29936 30026->29940 30027->29944 30028->29948 30029->29952 30030->29956 30031->29960 30032->29964 30033->29968 30034->29972 30035->29976 30036->29980 30037->29921 30039 407568 30038->30039 30043 40759f 30039->30043 30045 4074a0 75 API calls 30039->30045 30046 4074f8 75 API calls 30039->30046 30047 407548 75 API calls 30039->30047 30043->29988 30044->29985 30045->30039 30046->30039 30047->30039 30049 40a642 30048->30049 30050 40a5f4 6 API calls 30048->30050 30051 40cde0 GetSystemInfo 30049->30051 30050->30049 30051->30001 30052->30004 30053->29995 30055 40e4d0 GetProcAddress 30054->30055 30056 40e4dc 30054->30056 30058 40e530 30055->30058 30057 407a18 11 API calls 30056->30057 30061 40e4f2 30057->30061 30059 407a18 11 API calls 30058->30059 30060 40e545 30059->30060 30060->30011 30062 40e509 GetProcAddress 30061->30062 30063 40e520 30062->30063 30064 407a18 11 API calls 30063->30064 30065 40e528 30064->30065 30065->30011 30067 422c59 30066->30067 30067->30016 30069 4084c8 30068->30069 30070 42115c LoadLibraryW 30069->30070 30070->30022 30072 422a28 11 API calls 30071->30072 30073 422b2a 30072->30073 30074 422b43 30073->30074 30075 422a28 11 API calls 30073->30075 30076 4079f4 11 API calls 30074->30076 30075->30073 30077 422b58 30076->30077 30077->29845 30078->29862 30079->29865 30080->29869 30081->29871 30082->29875 30083->29882 30084->29882 30085->29882 30086->29881 30087 4a82c1 30088 4a82e6 30087->30088 30089 4a831e 30088->30089 30099 4a1544 11 API calls 30088->30099 30095 423dcc SetEndOfFile 30089->30095 30092 4a833a 30100 40540c 11 API calls 30092->30100 30094 4a8371 30096 423de3 30095->30096 30097 423ddc 30095->30097 30096->30092 30101 423ba0 106 API calls 30097->30101 30099->30089 30100->30094 30101->30096

Executed Functions

Control-flow Graph

C-Code - Quality: 73%
E004A7114(void* __ebx, void* __edx, void* __edi, void* __esi) {
	char _v8;
	char _v12;
	char _v16;
	char _v20;
	char _v24;
	char _v28;
	char _v32;
	char _v36;
	char _v40;
	char _v44;
	char _v48;
	char _v52;
	char _v56;
	char _v60;
	long _t39;
	_Unknown_base(*)()* _t42;
	_Unknown_base(*)()* _t43;
	_Unknown_base(*)()* _t46;
	signed int _t51;
	void* _t111;
	void* _t112;
	intOrPtr _t129;
	struct HINSTANCE__* _t148;
	intOrPtr* _t150;
	intOrPtr _t152;
	intOrPtr _t153;

	_t152 = _t153;
	_t112 = 7;
	do {
		_push(0);
		_push(0);
		_t112 = _t112 - 1;
	} while (_t112 != 0);
	_push(_t152);
	_push(0x4a7388);
	_push( *[fs:eax]);
	 *[fs:eax] = _t153;
	 *0x4b0664 =  *0x4b0664 - 1;
	if( *0x4b0664 >= 0) {
		L19:
		_pop(_t129);
		 *[fs:eax] = _t129;
		_push(0x4a738f);
		return E00407A54( &_v60, 0xe);
	} else {
		_t148 = GetModuleHandleW(L"kernel32.dll");
		_t39 = GetVersion();
		_t111 = 0;
		if(_t39 != 0x600) {
			_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
			if(_t150 != 0) {
				 *_t150(0x800);
				asm("sbb ebx, ebx");
				_t111 = 1;
			}
		}
		if(_t111 == 0) {
			_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
			if(_t46 != 0) {
				 *_t46(0x4a73e4);
			}
			E0040E818( &_v8);
			E00407DD4(0x4b0668, _v8);
			if( *0x4b0668 != 0) {
				_t51 =  *0x4b0668;
				if(_t51 != 0) {
					_t51 =  *(_t51 - 4);
				}
				if( *((short*)( *0x4b0668 + _t51 * 2 - 2)) != 0x5c) {
					E004086C4(0x4b0668, 0x4a73f4);
				}
				E0040871C( &_v12, L"uxtheme.dll",  *0x4b0668);
				E0040E844(_v12, _t111);
				E0040871C( &_v16, L"userenv.dll",  *0x4b0668);
				E0040E844(_v16, _t111);
				E0040871C( &_v20, L"setupapi.dll",  *0x4b0668);
				E0040E844(_v20, _t111);
				E0040871C( &_v24, L"apphelp.dll",  *0x4b0668);
				E0040E844(_v24, _t111);
				E0040871C( &_v28, L"propsys.dll",  *0x4b0668);
				E0040E844(_v28, _t111);
				E0040871C( &_v32, L"dwmapi.dll",  *0x4b0668);
				E0040E844(_v32, _t111);
				E0040871C( &_v36, L"cryptbase.dll",  *0x4b0668);
				E0040E844(_v36, _t111);
				E0040871C( &_v40, L"oleacc.dll",  *0x4b0668);
				E0040E844(_v40, _t111);
				E0040871C( &_v44, L"version.dll",  *0x4b0668);
				E0040E844(_v44, _t111);
				E0040871C( &_v48, L"profapi.dll",  *0x4b0668);
				E0040E844(_v48, _t111);
				E0040871C( &_v52, L"comres.dll",  *0x4b0668);
				E0040E844(_v52, _t111);
				E0040871C( &_v56, L"clbcatq.dll",  *0x4b0668);
				E0040E844(_v56, _t111);
				E0040871C( &_v60, L"ntmarta.dll",  *0x4b0668);
				E0040E844(_v60, _t111);
			}
		}
		_t42 = GetProcAddress(_t148, "SetSearchPathMode");
		if(_t42 != 0) {
			 *_t42(0x8001);
		}
		_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
		if(_t43 != 0) {
			 *_t43(1); // executed
		}
		goto L19;
	}
}
                                                                                                                                              0x004a71f3
                                                                                                                                              0x004a71fb
                                                                                                                                              0x004a720e
                                                                                                                                              0x004a7216
                                                                                                                                              0x004a7229
                                                                                                                                              0x004a7231
                                                                                                                                              0x004a7244
                                                                                                                                              0x004a724c
                                                                                                                                              0x004a725f
                                                                                                                                              0x004a7267
                                                                                                                                              0x004a727a
                                                                                                                                              0x004a7282
                                                                                                                                              0x004a7295
                                                                                                                                              0x004a729d
                                                                                                                                              0x004a72b0
                                                                                                                                              0x004a72b8
                                                                                                                                              0x004a72cb
                                                                                                                                              0x004a72d3
                                                                                                                                              0x004a72e6
                                                                                                                                              0x004a72ee
                                                                                                                                              0x004a7301
                                                                                                                                              0x004a7309
                                                                                                                                              0x004a731c
                                                                                                                                              0x004a7324
                                                                                                                                              0x004a7337
                                                                                                                                              0x004a733f
                                                                                                                                              0x004a733f
                                                                                                                                              0x004a71b4
                                                                                                                                              0x004a734a
                                                                                                                                              0x004a7351
                                                                                                                                              0x004a7358
                                                                                                                                              0x004a7358
                                                                                                                                              0x004a7360
                                                                                                                                              0x004a7367
                                                                                                                                              0x004a736b
                                                                                                                                              0x004a736b
                                                                                                                                              0x00000000
                                                                                                                                              0x004a7367

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004A7388,?,?,?,?,00000000,00000000), ref: 004A7146
                                                                                                                                              • GetVersion.KERNEL32(kernel32.dll,00000000,004A7388,?,?,?,?,00000000,00000000), ref: 004A714D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004A7162
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004A7188
                                                                                                                                                • Part of subcall function 0040E844: SetErrorMode.KERNEL32(00008000), ref: 0040E852
                                                                                                                                                • Part of subcall function 0040E844: LoadLibraryW.KERNEL32(00000000,00000000,0040E89C,?,00000000,0040E8BA,?,00008000), ref: 0040E881
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004A734A
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004A7360
                                                                                                                                              • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004A7388,?,?,?,?,00000000,00000000), ref: 004A736B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
                                                                                                                                              • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                                                                                              • API String ID: 2248137261-1119018034
                                                                                                                                              • Opcode ID: 3cff10d8a37e8f74ee08042b476ec0aeb1e7e16601af9275c0598c71473bbef6
                                                                                                                                              • Instruction ID: 02322ebf13ac6853ed14ef268a063699a4793311109b24e8029bbe3fde3c2d54
                                                                                                                                              • Opcode Fuzzy Hash: 3cff10d8a37e8f74ee08042b476ec0aeb1e7e16601af9275c0598c71473bbef6
                                                                                                                                              • Instruction Fuzzy Hash: 8E516E346441449BDB10FBA6CC82E9E73B5EBD6308B24863BE810772A5DB3CAD55CB5C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 382 4a162c-4a1652 GetSystemInfo VirtualQuery 383 4a1658 382->383 384 4a16f7-4a16fe 382->384 385 4a16eb-4a16f1 383->385 385->384 386 4a165d-4a1664 385->386 387 4a1666-4a166a 386->387 388 4a16d7-4a16e9 VirtualQuery 386->388 387->388 389 4a166c-4a1677 387->389 388->384 388->385 390 4a1688-4a169d VirtualProtect 389->390 391 4a1679-4a167c 389->391 392 4a169f 390->392 393 4a16a4-4a16a6 390->393 391->390 394 4a167e-4a1681 391->394 392->393 395 4a16b5-4a16b8 393->395 394->390 396 4a1683-4a1686 394->396 397 4a16ba-4a16bf 395->397 398 4a16a8-4a16b1 call 4a1624 395->398 396->390 396->393 397->388 400 4a16c1-4a16d2 VirtualProtect 397->400 398->395 400->388
                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004A162C(void* __eax) {
                                                                                                                                              				char _v44;
                                                                                                                                              				struct _SYSTEM_INFO _v80;
                                                                                                                                              				long _v84;
                                                                                                                                              				char _v88;
                                                                                                                                              				long _t22;
                                                                                                                                              				int _t28;
                                                                                                                                              				void* _t37;
                                                                                                                                              				struct _MEMORY_BASIC_INFORMATION* _t40;
                                                                                                                                              				long _t41;
                                                                                                                                              				void** _t42;
                                                                                                                                              
                                                                                                                                              				_t42 =  &(_v80.dwPageSize);
                                                                                                                                              				 *_t42 = __eax;
                                                                                                                                              				_t40 =  &_v44;
                                                                                                                                              				GetSystemInfo( &_v80); // executed
                                                                                                                                              				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
                                                                                                                                              				if(_t22 == 0) {
                                                                                                                                              					L17:
                                                                                                                                              					return _t22;
                                                                                                                                              				} else {
                                                                                                                                              					while(1) {
                                                                                                                                              						_t22 = _t40->AllocationBase;
                                                                                                                                              						if(_t22 !=  *_t42) {
                                                                                                                                              							goto L17;
                                                                                                                                              						}
                                                                                                                                              						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
                                                                                                                                              							L15:
                                                                                                                                              							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
                                                                                                                                              							if(_t22 == 0) {
                                                                                                                                              								goto L17;
                                                                                                                                              							}
                                                                                                                                              							continue;
                                                                                                                                              						} else {
                                                                                                                                              							_v88 = 0;
                                                                                                                                              							_t41 = _t40->Protect;
                                                                                                                                              							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
                                                                                                                                              								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
                                                                                                                                              								if(_t28 != 0) {
                                                                                                                                              									_v88 = 1;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							_t37 = 0;
                                                                                                                                              							while(_t37 < _t40->RegionSize) {
                                                                                                                                              								E004A1624(_t40->BaseAddress + _t37);
                                                                                                                                              								_t37 = _t37 + _v80.dwPageSize;
                                                                                                                                              							}
                                                                                                                                              							if(_v88 != 0) {
                                                                                                                                              								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
                                                                                                                                              							}
                                                                                                                                              							goto L15;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					goto L17;
                                                                                                                                              				}
                                                                                                                                              			}














                                                                                                                                              APIs
                                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 004A163F
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004A164B
                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004A1696
                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004A16D2
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004A16E2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2441996862-0
                                                                                                                                              • Opcode ID: 5b3962b5c6332dcebc7121228b8a4b3e3461861da3638e45f5f22f4c152fd88c
                                                                                                                                              • Instruction ID: 121c490457b7ae1f12085ab2edba84d2aabbc21e4026ddd200c69c56977e63ec
                                                                                                                                              • Opcode Fuzzy Hash: 5b3962b5c6332dcebc7121228b8a4b3e3461861da3638e45f5f22f4c152fd88c
                                                                                                                                              • Instruction Fuzzy Hash: D5216971504344ABD720EA59CD84EABB7E8AF66314F4C4C1EF694C32A1D33AE844CB66
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                              			E0040B3B8(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
                                                                                                                                              				char _v8;
                                                                                                                                              				short _v12;
                                                                                                                                              				void* _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				char _v24;
                                                                                                                                              				void* _t29;
                                                                                                                                              				void* _t40;
                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                              				intOrPtr _t55;
                                                                                                                                              				void* _t61;
                                                                                                                                              
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_v24 = 0;
                                                                                                                                              				_v20 = 0;
                                                                                                                                              				_t44 = __edx;
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				E00407AD8(_v8);
                                                                                                                                              				_push(_t61);
                                                                                                                                              				_push(0x40b478);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t61 + 0xffffffec;
                                                                                                                                              				_t21 =  &_v16;
                                                                                                                                              				L00403730();
                                                                                                                                              				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
                                                                                                                                              				E0040856C( &_v20, 4,  &_v16);
                                                                                                                                              				E0040871C(_t44, _v20, _v8);
                                                                                                                                              				_t29 = E0040B268( *_t44, _t44); // executed
                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                              					_v12 = 0;
                                                                                                                                              					E0040856C( &_v24, 4,  &_v16);
                                                                                                                                              					E0040871C(_t44, _v24, _v8);
                                                                                                                                              					_t40 = E0040B268( *_t44, _t44); // executed
                                                                                                                                              					if(_t40 == 0) {
                                                                                                                                              						E004079F4(_t44);
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_pop(_t55);
                                                                                                                                              				 *[fs:eax] = _t55;
                                                                                                                                              				_push(E0040B47F);
                                                                                                                                              				E00407A54( &_v24, 2);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}














                                                                                                                                              APIs
                                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B478,?,?), ref: 0040B3EA
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B478,?,?), ref: 0040B3F3
                                                                                                                                                • Part of subcall function 0040B268: FindFirstFileW.KERNEL32(00000000,?,00000000,0040B2C6,?,?), ref: 0040B29B
                                                                                                                                                • Part of subcall function 0040B268: FindClose.KERNEL32(00000000,00000000,?,00000000,0040B2C6,?,?), ref: 0040B2AB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3216391948-0
                                                                                                                                              • Opcode ID: 7c11227e8b53d5cf57ab3c00df66d88cc61cce9a5cb76bffb90c21d47624e2da
                                                                                                                                              • Instruction ID: 9155c5fd2a6d7a32e17c8bb0479b116e8c2ecdb55d1a06f7ce78c4880fdbda1e
                                                                                                                                              • Opcode Fuzzy Hash: 7c11227e8b53d5cf57ab3c00df66d88cc61cce9a5cb76bffb90c21d47624e2da
                                                                                                                                              • Instruction Fuzzy Hash: B9117570A041499BDB00EFA5C942AAEB3B8EF44304F50407FB544B72D2DB385F04CA6D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                              			E0040B268(char __eax, signed int __ebx) {
                                                                                                                                              				char _v8;
                                                                                                                                              				struct _WIN32_FIND_DATAW _v600;
                                                                                                                                              				void* _t15;
                                                                                                                                              				intOrPtr _t24;
                                                                                                                                              				void* _t27;
                                                                                                                                              
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				E00407AD8(_v8);
                                                                                                                                              				_push(_t27);
                                                                                                                                              				_push(0x40b2c6);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t27 + 0xfffffdac;
                                                                                                                                              				_t15 = FindFirstFileW(E004084C8(_v8),  &_v600); // executed
                                                                                                                                              				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
                                                                                                                                              					FindClose(_t15);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t24);
                                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                                              				_push(E0040B2CD);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}









                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0040B2C6,?,?), ref: 0040B29B
                                                                                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0040B2C6,?,?), ref: 0040B2AB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: dcd63df1445c4785f46ad18630efca613813575deacfdb2e7f3fde81f5b7913b
                                                                                                                                              • Instruction ID: af97b761f8286923e3e8c7c54c75c770fa091db835a787e0331ac1096eca1aa4
                                                                                                                                              • Opcode Fuzzy Hash: dcd63df1445c4785f46ad18630efca613813575deacfdb2e7f3fde81f5b7913b
                                                                                                                                              • Instruction Fuzzy Hash: 56F0BE70914248AECB21EB75CC5295EB7ACEB44310BA005BAB804F32D1EB38AF009A5C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                              			E0040AE8C(char __eax, void* __ebx, void* __ecx, void* __edx) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char* _v12;
                                                                                                                                              				void* _v16;
                                                                                                                                              				int _v20;
                                                                                                                                              				short _v542;
                                                                                                                                              				long _t51;
                                                                                                                                              				long _t85;
                                                                                                                                              				long _t87;
                                                                                                                                              				long _t89;
                                                                                                                                              				long _t91;
                                                                                                                                              				long _t93;
                                                                                                                                              				void* _t97;
                                                                                                                                              				intOrPtr _t106;
                                                                                                                                              				intOrPtr _t108;
                                                                                                                                              				void* _t112;
                                                                                                                                              				void* _t113;
                                                                                                                                              				intOrPtr _t114;
                                                                                                                                              
                                                                                                                                              				_t112 = _t113;
                                                                                                                                              				_t114 = _t113 + 0xfffffde4;
                                                                                                                                              				_t97 = __edx;
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				E00407AD8(_v8);
                                                                                                                                              				_push(_t112);
                                                                                                                                              				_push(0x40b0b1);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t114;
                                                                                                                                              				if(_v8 != 0) {
                                                                                                                                              					E0040A6C0( &_v542, E004084C8(_v8), 0x105);
                                                                                                                                              				} else {
                                                                                                                                              					GetModuleFileNameW(0,  &_v542, 0x105);
                                                                                                                                              				}
                                                                                                                                              				if(_v542 == 0) {
                                                                                                                                              					L18:
                                                                                                                                              					_pop(_t106);
                                                                                                                                              					 *[fs:eax] = _t106;
                                                                                                                                              					_push(E0040B0B8);
                                                                                                                                              					return E004079F4( &_v8);
                                                                                                                                              				} else {
                                                                                                                                              					_v12 = 0;
                                                                                                                                              					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              					if(_t51 == 0) {
                                                                                                                                              						L10:
                                                                                                                                              						_push(_t112);
                                                                                                                                              						_push(0x40b094);
                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                              						 *[fs:eax] = _t114;
                                                                                                                                              						E0040AC9C( &_v542, 0x105);
                                                                                                                                              						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
                                                                                                                                              							if(RegQueryValueExW(_v16, E0040B1A4, 0, 0, 0,  &_v20) == 0) {
                                                                                                                                              								_v12 = E004053F0(_v20);
                                                                                                                                              								RegQueryValueExW(_v16, E0040B1A4, 0, 0, _v12,  &_v20);
                                                                                                                                              								E00408530(_t97, _v12);
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_v12 = E004053F0(_v20);
                                                                                                                                              							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
                                                                                                                                              							E00408530(_t97, _v12);
                                                                                                                                              						}
                                                                                                                                              						_pop(_t108);
                                                                                                                                              						 *[fs:eax] = _t108;
                                                                                                                                              						_push(E0040B09B);
                                                                                                                                              						if(_v12 != 0) {
                                                                                                                                              							E0040540C(_v12);
                                                                                                                                              						}
                                                                                                                                              						return RegCloseKey(_v16);
                                                                                                                                              					} else {
                                                                                                                                              						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              						if(_t85 == 0) {
                                                                                                                                              							goto L10;
                                                                                                                                              						} else {
                                                                                                                                              							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                              								goto L10;
                                                                                                                                              							} else {
                                                                                                                                              								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              								if(_t89 == 0) {
                                                                                                                                              									goto L10;
                                                                                                                                              								} else {
                                                                                                                                              									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              									if(_t91 == 0) {
                                                                                                                                              										goto L10;
                                                                                                                                              									} else {
                                                                                                                                              										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                              										if(_t93 != 0) {
                                                                                                                                              											goto L18;
                                                                                                                                              										} else {
                                                                                                                                              											goto L10;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}





















                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B0B1,?,?), ref: 0040AEC5
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040B0B1,?,?), ref: 0040AF0E
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040B0B1,?,?), ref: 0040AF30
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040AF4E
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040AF6C
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AF8A
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AFA8
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040B094,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040B0B1), ref: 0040AFE8
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040B094,?,80000001), ref: 0040B013
                                                                                                                                              • RegCloseKey.ADVAPI32(?,0040B09B,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040B094,?,80000001,Software\Embarcadero\Locales), ref: 0040B08E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                              • API String ID: 2701450724-3496071916
                                                                                                                                              • Opcode ID: a7a4f7800a908a23690c429c9108a661baea305ffcb50fe6ed6af284978fef88
                                                                                                                                              • Instruction ID: 511bc42bdc18c233ca4c8d7f1893363b3cc50658f2258b81fe6dc99cbd1a726a
                                                                                                                                              • Opcode Fuzzy Hash: a7a4f7800a908a23690c429c9108a661baea305ffcb50fe6ed6af284978fef88
                                                                                                                                              • Instruction Fuzzy Hash: CE5121B5A50208BEEB10DAA5CC46FAFB7ACDB08704F504077BA14F61C1E7B8AA44865D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                              			E004A8383(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                                              				intOrPtr _t17;
                                                                                                                                              				struct HWND__* _t21;
                                                                                                                                              				struct HWND__* _t22;
                                                                                                                                              				struct HWND__* _t25;
                                                                                                                                              				intOrPtr _t26;
                                                                                                                                              				intOrPtr _t28;
                                                                                                                                              				intOrPtr _t36;
                                                                                                                                              				intOrPtr _t39;
                                                                                                                                              				int _t40;
                                                                                                                                              				intOrPtr _t41;
                                                                                                                                              				intOrPtr _t43;
                                                                                                                                              				struct HWND__* _t46;
                                                                                                                                              				intOrPtr _t47;
                                                                                                                                              				intOrPtr _t50;
                                                                                                                                              				intOrPtr _t60;
                                                                                                                                              				intOrPtr _t62;
                                                                                                                                              				intOrPtr _t68;
                                                                                                                                              				intOrPtr _t69;
                                                                                                                                              				intOrPtr _t70;
                                                                                                                                              				void* _t73;
                                                                                                                                              				void* _t74;
                                                                                                                                              
                                                                                                                                              				_t74 = __eflags;
                                                                                                                                              				_t72 = __esi;
                                                                                                                                              				_t71 = __edi;
                                                                                                                                              				_t52 = __ebx;
                                                                                                                                              				_pop(_t62);
                                                                                                                                              				 *[fs:eax] = _t62;
                                                                                                                                              				_t17 =  *0x4b3718; // 0x0
                                                                                                                                              				 *0x4b3718 = 0;
                                                                                                                                              				E00405CC8(_t17);
                                                                                                                                              				_t21 = E0040E748(0, L"STATIC", 0,  *0x4b0634, 0, 0, 0, 0, 0, 0, 0); // executed
                                                                                                                                              				 *0x4ac450 = _t21;
                                                                                                                                              				_t22 =  *0x4ac450; // 0x50230
                                                                                                                                              				 *0x4b3710 = SetWindowLongW(_t22, 0xfffffffc, E004A13B0);
                                                                                                                                              				_t25 =  *0x4ac450; // 0x50230
                                                                                                                                              				 *(_t73 - 0x58) = _t25;
                                                                                                                                              				 *((char*)(_t73 - 0x54)) = 0;
                                                                                                                                              				_t26 =  *0x4b3720; // 0x4d4678
                                                                                                                                              				_t4 = _t26 + 0x20; // 0x3fbbeea
                                                                                                                                              				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
                                                                                                                                              				 *((char*)(_t73 - 0x4c)) = 0;
                                                                                                                                              				_t28 =  *0x4b3720; // 0x4d4678
                                                                                                                                              				_t7 = _t28 + 0x24; // 0xc8000
                                                                                                                                              				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
                                                                                                                                              				 *((char*)(_t73 - 0x44)) = 0;
                                                                                                                                              				E0041A99C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
                                                                                                                                              				_push( *((intOrPtr*)(_t73 - 0x40)));
                                                                                                                                              				_push( *0x4b3714);
                                                                                                                                              				_push(0x4a8660);
                                                                                                                                              				E00422AB8(_t73 - 0x5c, __ebx, __esi, _t74);
                                                                                                                                              				_push( *((intOrPtr*)(_t73 - 0x5c)));
                                                                                                                                              				E004087A4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
                                                                                                                                              				_t36 =  *0x4b372c; // 0x0, executed
                                                                                                                                              				E004A143C(_t36, _t52, 0x4ac44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
                                                                                                                                              				if( *0x4ac448 != 0xffffffff) {
                                                                                                                                              					_t50 =  *0x4ac448; // 0x0
                                                                                                                                              					E004A1320(_t50);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t68);
                                                                                                                                              				 *[fs:eax] = _t68;
                                                                                                                                              				_push(E004A8534);
                                                                                                                                              				_t39 =  *0x4b3718; // 0x0
                                                                                                                                              				_t40 = E00405CC8(_t39);
                                                                                                                                              				if( *0x4b372c != 0) {
                                                                                                                                              					_t70 =  *0x4b372c; // 0x0
                                                                                                                                              					_t40 = E004A0ECC(0, _t70, 0xfa, 0x32); // executed
                                                                                                                                              				}
                                                                                                                                              				if( *0x4b3724 != 0) {
                                                                                                                                              					_t47 =  *0x4b3724; // 0x0
                                                                                                                                              					_t40 = RemoveDirectoryW(E004084C8(_t47)); // executed
                                                                                                                                              				}
                                                                                                                                              				if( *0x4ac450 != 0) {
                                                                                                                                              					_t46 =  *0x4ac450; // 0x50230
                                                                                                                                              					_t40 = DestroyWindow(_t46); // executed
                                                                                                                                              				}
                                                                                                                                              				if( *0x4b3708 != 0) {
                                                                                                                                              					_t41 =  *0x4b3708; // 0x0
                                                                                                                                              					_t60 =  *0x4b370c; // 0xa
                                                                                                                                              					_t69 =  *0x426aa4; // 0x426aa8
                                                                                                                                              					E00408DAC(_t41, _t60, _t69);
                                                                                                                                              					_t43 =  *0x4b3708; // 0x0
                                                                                                                                              					E0040540C(_t43);
                                                                                                                                              					 *0x4b3708 = 0;
                                                                                                                                              					return 0;
                                                                                                                                              				}
                                                                                                                                              				return _t40;
                                                                                                                                              			}

























                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040E748: CreateWindowExW.USER32 ref: 0040E787
                                                                                                                                              • SetWindowLongW.USER32 ref: 004A83FE
                                                                                                                                                • Part of subcall function 00422AB8: GetCommandLineW.KERNEL32(00000000,00422AFA,?,?,00000000,?,004A845E,004A8660,?), ref: 00422ACE
                                                                                                                                                • Part of subcall function 004A143C: CreateProcessW.KERNEL32 ref: 004A14AC
                                                                                                                                                • Part of subcall function 004A143C: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004A153C,00000000,004A152C,00000000), ref: 004A14C0
                                                                                                                                                • Part of subcall function 004A143C: MsgWaitForMultipleObjects.USER32 ref: 004A14D9
                                                                                                                                                • Part of subcall function 004A143C: GetExitCodeProcess.KERNEL32 ref: 004A14ED
                                                                                                                                                • Part of subcall function 004A143C: CloseHandle.KERNEL32(?,?,004AC44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004A14F6
                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,004A8534), ref: 004A84E0
                                                                                                                                              • DestroyWindow.USER32(00050230,004A8534), ref: 004A84F4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                                              • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC$xFM
                                                                                                                                              • API String ID: 3586484885-847750361
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                              			E0040426C(void* __eax, signed int __edi, void* __ebp) {
                                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                                              				void* _v48;
                                                                                                                                              				signed int __ebx;
                                                                                                                                              				void* _t58;
                                                                                                                                              				signed int _t61;
                                                                                                                                              				int _t65;
                                                                                                                                              				signed int _t67;
                                                                                                                                              				void _t70;
                                                                                                                                              				int _t71;
                                                                                                                                              				signed int _t78;
                                                                                                                                              				void* _t79;
                                                                                                                                              				signed int _t81;
                                                                                                                                              				intOrPtr _t82;
                                                                                                                                              				signed int _t87;
                                                                                                                                              				signed int _t88;
                                                                                                                                              				signed int _t89;
                                                                                                                                              				signed int _t92;
                                                                                                                                              				void* _t96;
                                                                                                                                              				signed int _t99;
                                                                                                                                              				void* _t103;
                                                                                                                                              				intOrPtr _t104;
                                                                                                                                              				void* _t106;
                                                                                                                                              				void* _t108;
                                                                                                                                              				signed int _t113;
                                                                                                                                              				void* _t115;
                                                                                                                                              				void* _t116;
                                                                                                                                              
                                                                                                                                              				_t56 = __eax;
                                                                                                                                              				_t89 =  *(__eax - 4);
                                                                                                                                              				_t78 =  *0x4ad059; // 0x0
                                                                                                                                              				if((_t89 & 0x00000007) != 0) {
                                                                                                                                              					__eflags = _t89 & 0x00000005;
                                                                                                                                              					if((_t89 & 0x00000005) != 0) {
                                                                                                                                              						_pop(_t78);
                                                                                                                                              						__eflags = _t89 & 0x00000003;
                                                                                                                                              						if((_t89 & 0x00000003) == 0) {
                                                                                                                                              							_push(_t78);
                                                                                                                                              							_push(__edi);
                                                                                                                                              							_t116 = _t115 + 0xffffffdc;
                                                                                                                                              							_t103 = __eax - 0x10;
                                                                                                                                              							E00403C48();
                                                                                                                                              							_t58 = _t103;
                                                                                                                                              							 *_t116 =  *_t58;
                                                                                                                                              							_v48 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                              							_t92 =  *(_t58 + 0xc);
                                                                                                                                              							if((_t92 & 0x00000008) != 0) {
                                                                                                                                              								_t79 = _t103;
                                                                                                                                              								_t113 = _t92 & 0xfffffff0;
                                                                                                                                              								_t99 = 0;
                                                                                                                                              								__eflags = 0;
                                                                                                                                              								while(1) {
                                                                                                                                              									VirtualQuery(_t79,  &_v44, 0x1c);
                                                                                                                                              									_t61 = VirtualFree(_t79, 0, 0x8000);
                                                                                                                                              									__eflags = _t61;
                                                                                                                                              									if(_t61 == 0) {
                                                                                                                                              										_t99 = _t99 | 0xffffffff;
                                                                                                                                              										goto L10;
                                                                                                                                              									}
                                                                                                                                              									_t104 = _v44.RegionSize;
                                                                                                                                              									__eflags = _t113 - _t104;
                                                                                                                                              									if(_t113 > _t104) {
                                                                                                                                              										_t113 = _t113 - _t104;
                                                                                                                                              										_t79 = _t79 + _t104;
                                                                                                                                              										continue;
                                                                                                                                              									}
                                                                                                                                              									goto L10;
                                                                                                                                              								}
                                                                                                                                              							} else {
                                                                                                                                              								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
                                                                                                                                              								if(_t65 == 0) {
                                                                                                                                              									_t99 = __edi | 0xffffffff;
                                                                                                                                              								} else {
                                                                                                                                              									_t99 = 0;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							L10:
                                                                                                                                              							if(_t99 == 0) {
                                                                                                                                              								 *_v48 =  *_t116;
                                                                                                                                              								 *( *_t116 + 4) = _v48;
                                                                                                                                              							}
                                                                                                                                              							 *0x4afb78 = 0;
                                                                                                                                              							return _t99;
                                                                                                                                              						} else {
                                                                                                                                              							return 0xffffffff;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						goto L31;
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					__eflags = __bl;
                                                                                                                                              					__ebx =  *__edx;
                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                              						while(1) {
                                                                                                                                              							__eax = 0x100;
                                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                              								goto L14;
                                                                                                                                              							}
                                                                                                                                              							asm("pause");
                                                                                                                                              							__eflags =  *0x4ad989;
                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                              								continue;
                                                                                                                                              							} else {
                                                                                                                                              								Sleep(0);
                                                                                                                                              								__edx = __edx;
                                                                                                                                              								__ecx = __ecx;
                                                                                                                                              								__eax = 0x100;
                                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                              									Sleep(0xa);
                                                                                                                                              									__edx = __edx;
                                                                                                                                              									__ecx = __ecx;
                                                                                                                                              									continue;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							goto L14;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					L14:
                                                                                                                                              					_t14 = __edx + 0x14;
                                                                                                                                              					 *_t14 =  *(__edx + 0x14) - 1;
                                                                                                                                              					__eflags =  *_t14;
                                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                                              					if( *_t14 == 0) {
                                                                                                                                              						__eflags = __eax;
                                                                                                                                              						if(__eax == 0) {
                                                                                                                                              							L20:
                                                                                                                                              							 *(__ebx + 0x14) = __eax;
                                                                                                                                              						} else {
                                                                                                                                              							__eax =  *(__edx + 0xc);
                                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                                              							 *(__eax + 8) = __ecx;
                                                                                                                                              							 *(__ecx + 0xc) = __eax;
                                                                                                                                              							__eax = 0;
                                                                                                                                              							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
                                                                                                                                              							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
                                                                                                                                              								goto L20;
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						 *__ebx = __al;
                                                                                                                                              						__eax = __edx;
                                                                                                                                              						__edx =  *(__edx - 4);
                                                                                                                                              						__bl =  *0x4ad059; // 0x0
                                                                                                                                              						L31:
                                                                                                                                              						__eflags = _t78;
                                                                                                                                              						_t81 = _t89 & 0xfffffff0;
                                                                                                                                              						_push(_t101);
                                                                                                                                              						_t106 = _t56;
                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                              							while(1) {
                                                                                                                                              								_t67 = 0x100;
                                                                                                                                              								asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                              									goto L32;
                                                                                                                                              								}
                                                                                                                                              								asm("pause");
                                                                                                                                              								__eflags =  *0x4ad989;
                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                              									continue;
                                                                                                                                              								} else {
                                                                                                                                              									Sleep(0);
                                                                                                                                              									_t67 = 0x100;
                                                                                                                                              									asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                              										Sleep(0xa);
                                                                                                                                              										continue;
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              								goto L32;
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						L32:
                                                                                                                                              						__eflags = (_t106 - 4)[_t81] & 0x00000001;
                                                                                                                                              						_t87 = (_t106 - 4)[_t81];
                                                                                                                                              						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
                                                                                                                                              							_t67 = _t81 + _t106;
                                                                                                                                              							_t88 = _t87 & 0xfffffff0;
                                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                                              								_t67 = E00403AC0(_t67);
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_t88 = _t87 | 0x00000008;
                                                                                                                                              							__eflags = _t88;
                                                                                                                                              							(_t106 - 4)[_t81] = _t88;
                                                                                                                                              						}
                                                                                                                                              						__eflags =  *(_t106 - 4) & 0x00000008;
                                                                                                                                              						if(( *(_t106 - 4) & 0x00000008) != 0) {
                                                                                                                                              							_t88 =  *(_t106 - 8);
                                                                                                                                              							_t106 = _t106 - _t88;
                                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                                              								_t67 = E00403AC0(_t106);
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						__eflags = _t81 - 0x13ffe0;
                                                                                                                                              						if(_t81 == 0x13ffe0) {
                                                                                                                                              							__eflags =  *0x4adaf0 - 0x13ffe0;
                                                                                                                                              							if( *0x4adaf0 != 0x13ffe0) {
                                                                                                                                              								_t82 = _t106 + 0x13ffe0;
                                                                                                                                              								E00403B60(_t67);
                                                                                                                                              								 *((intOrPtr*)(_t82 - 4)) = 2;
                                                                                                                                              								 *0x4adaf0 = 0x13ffe0;
                                                                                                                                              								 *0x4adaec = _t82;
                                                                                                                                              								 *0x4adae8 = 0;
                                                                                                                                              								__eflags = 0;
                                                                                                                                              								return 0;
                                                                                                                                              							} else {
                                                                                                                                              								_t108 = _t106 - 0x10;
                                                                                                                                              								_t70 =  *_t108;
                                                                                                                                              								_t96 =  *(_t108 + 4);
                                                                                                                                              								 *(_t70 + 4) = _t96;
                                                                                                                                              								 *_t96 = _t70;
                                                                                                                                              								 *0x4adae8 = 0;
                                                                                                                                              								_t71 = VirtualFree(_t108, 0, 0x8000);
                                                                                                                                              								__eflags = _t71 - 1;
                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                              								return _t71;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							 *(_t106 - 4) = _t81 + 3;
                                                                                                                                              							 *(_t106 - 8 + _t81) = _t81;
                                                                                                                                              							E00403B00(_t106, _t88, _t81);
                                                                                                                                              							 *0x4adae8 = 0;
                                                                                                                                              							__eflags = 0;
                                                                                                                                              							return 0;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						__eflags = __eax;
                                                                                                                                              						 *(__edx + 0x10) = __ecx;
                                                                                                                                              						 *(__ecx - 4) = __eax;
                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                              							__ecx =  *(__ebx + 8);
                                                                                                                                              							 *(__edx + 0xc) = __ebx;
                                                                                                                                              							 *(__edx + 8) = __ecx;
                                                                                                                                              							 *(__ecx + 0xc) = __edx;
                                                                                                                                              							 *(__ebx + 8) = __edx;
                                                                                                                                              							 *__ebx = 0;
                                                                                                                                              							__eax = 0;
                                                                                                                                              							__eflags = 0;
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return 0;
                                                                                                                                              						} else {
                                                                                                                                              							__eax = 0;
                                                                                                                                              							__eflags = 0;
                                                                                                                                              							 *__ebx = __al;
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return 0;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}





























                                                                                                                                              0x004042da
                                                                                                                                              0x004042dd
                                                                                                                                              0x0040436d
                                                                                                                                              0x00404370
                                                                                                                                              0x00404372
                                                                                                                                              0x00404374
                                                                                                                                              0x00404375
                                                                                                                                              0x00404377
                                                                                                                                              0x00404328
                                                                                                                                              0x00404328
                                                                                                                                              0x0040432d
                                                                                                                                              0x00404335
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00404337
                                                                                                                                              0x00404339
                                                                                                                                              0x00404340
                                                                                                                                              0x00000000
                                                                                                                                              0x00404342
                                                                                                                                              0x00404344
                                                                                                                                              0x00404349
                                                                                                                                              0x0040434e
                                                                                                                                              0x00404356
                                                                                                                                              0x0040435a
                                                                                                                                              0x00000000
                                                                                                                                              0x0040435a
                                                                                                                                              0x00404356
                                                                                                                                              0x00000000
                                                                                                                                              0x00404340
                                                                                                                                              0x00404328
                                                                                                                                              0x00404379
                                                                                                                                              0x00404379
                                                                                                                                              0x00404381
                                                                                                                                              0x00404385
                                                                                                                                              0x004043bc
                                                                                                                                              0x004043bf
                                                                                                                                              0x004043c2
                                                                                                                                              0x004043c4
                                                                                                                                              0x004043ca
                                                                                                                                              0x004043cc
                                                                                                                                              0x004043cc
                                                                                                                                              0x00404387
                                                                                                                                              0x00404387
                                                                                                                                              0x00404387
                                                                                                                                              0x0040438a
                                                                                                                                              0x0040438a
                                                                                                                                              0x0040438e
                                                                                                                                              0x00404392
                                                                                                                                              0x004043d4
                                                                                                                                              0x004043d7
                                                                                                                                              0x004043d9
                                                                                                                                              0x004043db
                                                                                                                                              0x004043e1
                                                                                                                                              0x004043e5
                                                                                                                                              0x004043e5
                                                                                                                                              0x004043e1
                                                                                                                                              0x00404394
                                                                                                                                              0x0040439a
                                                                                                                                              0x004043ec
                                                                                                                                              0x004043f6
                                                                                                                                              0x00404424
                                                                                                                                              0x0040442a
                                                                                                                                              0x0040442f
                                                                                                                                              0x00404436
                                                                                                                                              0x00404440
                                                                                                                                              0x00404446
                                                                                                                                              0x0040444d
                                                                                                                                              0x00404451
                                                                                                                                              0x004043f8
                                                                                                                                              0x004043f8
                                                                                                                                              0x004043fb
                                                                                                                                              0x004043fd
                                                                                                                                              0x00404400
                                                                                                                                              0x00404403
                                                                                                                                              0x00404405
                                                                                                                                              0x00404414
                                                                                                                                              0x00404419
                                                                                                                                              0x0040441c
                                                                                                                                              0x00404420
                                                                                                                                              0x00404420
                                                                                                                                              0x0040439c
                                                                                                                                              0x0040439f
                                                                                                                                              0x004043a2
                                                                                                                                              0x004043aa
                                                                                                                                              0x004043af
                                                                                                                                              0x004043b6
                                                                                                                                              0x004043ba
                                                                                                                                              0x004043ba
                                                                                                                                              0x00404290
                                                                                                                                              0x00404290
                                                                                                                                              0x00404292
                                                                                                                                              0x00404298
                                                                                                                                              0x0040429b
                                                                                                                                              0x004042a4
                                                                                                                                              0x004042a7
                                                                                                                                              0x004042aa
                                                                                                                                              0x004042ad
                                                                                                                                              0x004042b0
                                                                                                                                              0x004042b3
                                                                                                                                              0x004042b6
                                                                                                                                              0x004042b6
                                                                                                                                              0x004042b8
                                                                                                                                              0x004042b9
                                                                                                                                              0x0040429d
                                                                                                                                              0x0040429d
                                                                                                                                              0x0040429d
                                                                                                                                              0x0040429f
                                                                                                                                              0x004042a1
                                                                                                                                              0x004042a2
                                                                                                                                              0x004042a2
                                                                                                                                              0x0040429b
                                                                                                                                              0x0040428e

                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0040BEB4,0040BF1A,?,00000000,?,?,0040C23D,00000000,?,00000000,0040C73E,00000000), ref: 00404302
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BEB4,0040BF1A,?,00000000,?,?,0040C23D,00000000,?,00000000,0040C73E), ref: 0040431C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              • Opcode ID: 6990eeb09af798ff89c122cab0389b867fa95b1857629a1b42165b3db1f08a53
                                                                                                                                              • Instruction ID: 42852a627608553f2d1d5efabc9574773b40d1f12e789e067a733302d184c96b
                                                                                                                                              • Opcode Fuzzy Hash: 6990eeb09af798ff89c122cab0389b867fa95b1857629a1b42165b3db1f08a53
                                                                                                                                              • Instruction Fuzzy Hash: 4071F1B17042008BE715DF29C884B16BFD8AF86715F1882BFE945AB3D2D6B8CD41C789
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                              			E004A80CC(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                              				intOrPtr _t26;
                                                                                                                                              				intOrPtr _t31;
                                                                                                                                              				intOrPtr _t37;
                                                                                                                                              				intOrPtr _t38;
                                                                                                                                              				intOrPtr _t42;
                                                                                                                                              				intOrPtr _t44;
                                                                                                                                              				intOrPtr _t47;
                                                                                                                                              				intOrPtr _t51;
                                                                                                                                              				intOrPtr _t53;
                                                                                                                                              				intOrPtr _t55;
                                                                                                                                              				intOrPtr _t56;
                                                                                                                                              				intOrPtr _t59;
                                                                                                                                              				intOrPtr _t61;
                                                                                                                                              				WCHAR* _t63;
                                                                                                                                              				intOrPtr _t69;
                                                                                                                                              				intOrPtr _t74;
                                                                                                                                              				int _t75;
                                                                                                                                              				intOrPtr _t76;
                                                                                                                                              				intOrPtr _t78;
                                                                                                                                              				struct HWND__* _t81;
                                                                                                                                              				intOrPtr _t82;
                                                                                                                                              				intOrPtr _t86;
                                                                                                                                              				void* _t90;
                                                                                                                                              				intOrPtr _t93;
                                                                                                                                              				intOrPtr _t99;
                                                                                                                                              				intOrPtr _t101;
                                                                                                                                              				intOrPtr _t107;
                                                                                                                                              				intOrPtr _t114;
                                                                                                                                              				intOrPtr _t115;
                                                                                                                                              				intOrPtr _t116;
                                                                                                                                              				intOrPtr _t117;
                                                                                                                                              				void* _t120;
                                                                                                                                              				intOrPtr _t121;
                                                                                                                                              
                                                                                                                                              				_t119 = __esi;
                                                                                                                                              				_t118 = __edi;
                                                                                                                                              				_t85 = __ebx;
                                                                                                                                              				_pop(_t101);
                                                                                                                                              				_pop(_t88);
                                                                                                                                              				 *[fs:eax] = _t101;
                                                                                                                                              				E004A138C(_t88);
                                                                                                                                              				if( *0x4ac440 == 0) {
                                                                                                                                              					if(( *0x4b3701 & 0x00000001) == 0 &&  *0x4ac441 == 0) {
                                                                                                                                              						_t61 =  *0x4ac674; // 0x4b2d04
                                                                                                                                              						_t4 = _t61 + 0x2b4; // 0x0
                                                                                                                                              						_t63 = E004084C8( *_t4);
                                                                                                                                              						_t88 = _t120 - 0x28;
                                                                                                                                              						_t101 =  *0x4b35d8; // 0x0
                                                                                                                                              						E00426DFC(0xb1, _t120 - 0x28, _t101);
                                                                                                                                              						if(MessageBoxW(0, E004084C8( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
                                                                                                                                              							 *0x4ac44c = 2;
                                                                                                                                              							E0041F358();
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					E004056B0();
                                                                                                                                              					E004A0D04(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
                                                                                                                                              					E00407DD4(0x4b3724,  *((intOrPtr*)(_t120 - 0x2c)));
                                                                                                                                              					_t26 =  *0x4b3714; // 0x0
                                                                                                                                              					E00422848(_t26, _t88, _t120 - 0x34);
                                                                                                                                              					E004225BC( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
                                                                                                                                              					_push( *((intOrPtr*)(_t120 - 0x30)));
                                                                                                                                              					_t31 =  *0x4b3724; // 0x0
                                                                                                                                              					E00422554(_t31, _t120 - 0x38);
                                                                                                                                              					_pop(_t90);
                                                                                                                                              					E0040871C(0x4b3728, _t90,  *((intOrPtr*)(_t120 - 0x38)));
                                                                                                                                              					_t107 =  *0x4b3728; // 0x0
                                                                                                                                              					E00407DD4(0x4b372c, _t107);
                                                                                                                                              					_t37 =  *0x4b3720; // 0x4d4678
                                                                                                                                              					_t15 = _t37 + 0x14; // 0x3fcfead
                                                                                                                                              					_t38 =  *0x4b3718; // 0x0
                                                                                                                                              					E00423BDC(_t38,  *_t15);
                                                                                                                                              					_push(_t120);
                                                                                                                                              					_push(0x4a838d);
                                                                                                                                              					_push( *[fs:edx]);
                                                                                                                                              					 *[fs:edx] = _t121;
                                                                                                                                              					 *0x4b3770 = 0;
                                                                                                                                              					_t42 = E00423BF4(1, 0, 1, 0); // executed
                                                                                                                                              					 *0x4b371c = _t42;
                                                                                                                                              					_push(_t120);
                                                                                                                                              					_push(0x4a837c);
                                                                                                                                              					_push( *[fs:eax]);
                                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                                              					_t44 =  *0x4b3720; // 0x4d4678
                                                                                                                                              					_t16 = _t44 + 0x18; // 0x285888
                                                                                                                                              					 *0x4b3770 = E004053F0( *_t16);
                                                                                                                                              					_t47 =  *0x4b3720; // 0x4d4678
                                                                                                                                              					_t17 = _t47 + 0x18; // 0x285888
                                                                                                                                              					_t86 =  *0x4b3770; // 0x7fc20010
                                                                                                                                              					E00405864(_t86,  *_t17);
                                                                                                                                              					_push(_t120);
                                                                                                                                              					_push(0x4a82cb);
                                                                                                                                              					_push( *[fs:eax]);
                                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                                              					_t51 =  *0x424bcc; // 0x424c24
                                                                                                                                              					_t93 =  *0x4b3718; // 0x0
                                                                                                                                              					_t53 = E0042463C(_t93, 1, _t51); // executed
                                                                                                                                              					 *0x4b3774 = _t53;
                                                                                                                                              					_push(_t120);
                                                                                                                                              					_push(0x4a82ba);
                                                                                                                                              					_push( *[fs:eax]);
                                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                                              					_t55 =  *0x4b3720; // 0x4d4678
                                                                                                                                              					_t18 = _t55 + 0x18; // 0x285888
                                                                                                                                              					_t56 =  *0x4b3774; // 0x2713da0
                                                                                                                                              					E00424918(_t56,  *_t18, _t86);
                                                                                                                                              					_pop(_t114);
                                                                                                                                              					 *[fs:eax] = _t114;
                                                                                                                                              					_push(E004A82C1);
                                                                                                                                              					_t59 =  *0x4b3774; // 0x2713da0
                                                                                                                                              					return E00405CC8(_t59);
                                                                                                                                              				} else {
                                                                                                                                              					_t69 =  *0x4ac674; // 0x4b2d04
                                                                                                                                              					_t1 = _t69 + 0x18c; // 0x0
                                                                                                                                              					E004A1754( *_t1, __ebx, __edi, __esi);
                                                                                                                                              					 *0x4ac44c = 0;
                                                                                                                                              					_pop(_t115);
                                                                                                                                              					 *[fs:eax] = _t115;
                                                                                                                                              					_push(E004A8534);
                                                                                                                                              					_t74 =  *0x4b3718; // 0x0
                                                                                                                                              					_t75 = E00405CC8(_t74);
                                                                                                                                              					if( *0x4b372c != 0) {
                                                                                                                                              						_t117 =  *0x4b372c; // 0x0
                                                                                                                                              						_t75 = E004A0ECC(0, _t117, 0xfa, 0x32); // executed
                                                                                                                                              					}
                                                                                                                                              					if( *0x4b3724 != 0) {
                                                                                                                                              						_t82 =  *0x4b3724; // 0x0
                                                                                                                                              						_t75 = RemoveDirectoryW(E004084C8(_t82)); // executed
                                                                                                                                              					}
                                                                                                                                              					if( *0x4ac450 != 0) {
                                                                                                                                              						_t81 =  *0x4ac450; // 0x50230
                                                                                                                                              						_t75 = DestroyWindow(_t81); // executed
                                                                                                                                              					}
                                                                                                                                              					if( *0x4b3708 != 0) {
                                                                                                                                              						_t76 =  *0x4b3708; // 0x0
                                                                                                                                              						_t99 =  *0x4b370c; // 0xa
                                                                                                                                              						_t116 =  *0x426aa4; // 0x426aa8
                                                                                                                                              						E00408DAC(_t76, _t99, _t116);
                                                                                                                                              						_t78 =  *0x4b3708; // 0x0
                                                                                                                                              						E0040540C(_t78);
                                                                                                                                              						 *0x4b3708 = 0;
                                                                                                                                              						return 0;
                                                                                                                                              					}
                                                                                                                                              					return _t75;
                                                                                                                                              				}
                                                                                                                                              			}





































                                                                                                                                              APIs
                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004A815B
                                                                                                                                                • Part of subcall function 004A1754: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004A17BE
                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,004A8534), ref: 004A84E0
                                                                                                                                              • DestroyWindow.USER32(00050230,004A8534), ref: 004A84F4
                                                                                                                                                • Part of subcall function 004A0ECC: Sleep.KERNEL32(?,?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0EEB
                                                                                                                                                • Part of subcall function 004A0ECC: GetLastError.KERNEL32(?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0F0E
                                                                                                                                                • Part of subcall function 004A0ECC: GetLastError.KERNEL32(?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0F18
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
                                                                                                                                              • String ID: $LB$.tmp$xFM
                                                                                                                                              • API String ID: 3858953238-2608661962
                                                                                                                                              • Opcode ID: f43bd58ab390326026b5c830374453e98346b79b57d4fe5b5190d731510edfc5
                                                                                                                                              • Instruction ID: f755fe4bfd509cc25c2ddd0c8339d8558b2a0affd53895b10bdf613ffe7a07dc
                                                                                                                                              • Opcode Fuzzy Hash: f43bd58ab390326026b5c830374453e98346b79b57d4fe5b5190d731510edfc5
                                                                                                                                              • Instruction Fuzzy Hash: 92615BF4640240AFDB11EF6AEC92A567BE5E75A305F50867AF800973A1CE38AD41CB1C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                              			E004A143C(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                              				char _v8;
                                                                                                                                              				struct _STARTUPINFOW _v76;
                                                                                                                                              				void* _v88;
                                                                                                                                              				void* _v92;
                                                                                                                                              				int _t23;
                                                                                                                                              				intOrPtr _t49;
                                                                                                                                              				DWORD* _t51;
                                                                                                                                              				void* _t56;
                                                                                                                                              
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_t51 = __ecx;
                                                                                                                                              				_t53 = __edx;
                                                                                                                                              				_t41 = __eax;
                                                                                                                                              				_push(_t56);
                                                                                                                                              				_push(0x4a1511);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t56 + 0xffffffa8;
                                                                                                                                              				_push(0x4a152c);
                                                                                                                                              				_push(__eax);
                                                                                                                                              				_push(E004A153C);
                                                                                                                                              				_push(__edx);
                                                                                                                                              				E004087A4( &_v8, __eax, 4, __ecx, __edx);
                                                                                                                                              				E00405864( &_v76, 0x44);
                                                                                                                                              				_v76.cb = 0x44;
                                                                                                                                              				_t23 = CreateProcessW(0, E004084C8(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
                                                                                                                                              				_t58 = _t23;
                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                              					E004A1064(0x72, _t41, 0, _t53, _t58);
                                                                                                                                              				}
                                                                                                                                              				CloseHandle(_v88);
                                                                                                                                              				do {
                                                                                                                                              					E004A1410();
                                                                                                                                              				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
                                                                                                                                              				E004A1410();
                                                                                                                                              				GetExitCodeProcess(_v92, _t51); // executed
                                                                                                                                              				CloseHandle(_v92);
                                                                                                                                              				_pop(_t49);
                                                                                                                                              				 *[fs:eax] = _t49;
                                                                                                                                              				_push(E004A1518);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                              • CreateProcessW.KERNEL32 ref: 004A14AC
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004A153C,00000000,004A152C,00000000), ref: 004A14C0
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 004A14D9
                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 004A14ED
                                                                                                                                              • CloseHandle.KERNEL32(?,?,004AC44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004A14F6
                                                                                                                                                • Part of subcall function 004A1064: GetLastError.KERNEL32(00000000,004A110B,?,?,00000000), ref: 004A1087
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                                              • String ID: D
                                                                                                                                              • API String ID: 3356880605-2746444292
                                                                                                                                              • Opcode ID: 3f53cdb1fe7aa8bb8f06de78268ae7764ae86d97b50b59418d3b709dbb49c709
                                                                                                                                              • Instruction ID: 47d237310cf9ec714f0c62a9dd1f60edaf51b76bd8e3ac122ecf0cee1fcf75e2
                                                                                                                                              • Opcode Fuzzy Hash: 3f53cdb1fe7aa8bb8f06de78268ae7764ae86d97b50b59418d3b709dbb49c709
                                                                                                                                              • Instruction Fuzzy Hash: 6211A571A442087ADB00EBE68C42F9F7BACDF59714F50453BB604E72D2DA789900862D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                              			E004A7A8C(void* __ebx, void* __ecx, void* __edx, void* __esi) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char _t16;
                                                                                                                                              				intOrPtr _t32;
                                                                                                                                              				intOrPtr _t41;
                                                                                                                                              
                                                                                                                                              				_t27 = __ebx;
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(_t41);
                                                                                                                                              				_push(0x4a7b56);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t41;
                                                                                                                                              				 *0x4b30d4 =  *0x4b30d4 - 1;
                                                                                                                                              				if( *0x4b30d4 < 0) {
                                                                                                                                              					 *0x4b30d8 = E0040E4A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
                                                                                                                                              					 *0x4b30dc = E0040E4A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
                                                                                                                                              					if( *0x4b30d8 == 0 ||  *0x4b30dc == 0) {
                                                                                                                                              						_t16 = 0;
                                                                                                                                              					} else {
                                                                                                                                              						_t16 = 1;
                                                                                                                                              					}
                                                                                                                                              					 *0x4b30e0 = _t16;
                                                                                                                                              					E00422C38( &_v12);
                                                                                                                                              					E00422554(_v12,  &_v8);
                                                                                                                                              					E004086C4( &_v8, L"shell32.dll");
                                                                                                                                              					E00421124(_v8, _t27, 0x8000); // executed
                                                                                                                                              					E004231E0(0x4c783afb,  &_v16);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t32);
                                                                                                                                              				 *[fs:eax] = _t32;
                                                                                                                                              				_push(0x4a7b5d);
                                                                                                                                              				return E00407A54( &_v16, 3);
                                                                                                                                              			}










                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004A7B56,?,00000000,00000000,00000000), ref: 004A7ABA
                                                                                                                                                • Part of subcall function 0040E4A8: GetProcAddress.KERNEL32(?,0B), ref: 0040E4D2
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004A7B56,?,00000000,00000000,00000000), ref: 004A7AD4
                                                                                                                                                • Part of subcall function 0040E4A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E50B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                              • API String ID: 1646373207-2130885113
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                              			E00403EE8(signed int __eax) {
                                                                                                                                              				signed int __ebx;
                                                                                                                                              				signed int __edi;
                                                                                                                                              				signed int __esi;
                                                                                                                                              				void* _t96;
                                                                                                                                              				void** _t99;
                                                                                                                                              				signed int _t104;
                                                                                                                                              				signed int _t109;
                                                                                                                                              				signed int _t110;
                                                                                                                                              				intOrPtr* _t114;
                                                                                                                                              				void* _t116;
                                                                                                                                              				void* _t121;
                                                                                                                                              				signed int _t125;
                                                                                                                                              				signed int _t129;
                                                                                                                                              				signed int _t131;
                                                                                                                                              				signed int _t132;
                                                                                                                                              				signed int _t133;
                                                                                                                                              				signed int _t134;
                                                                                                                                              				signed int _t135;
                                                                                                                                              				unsigned int _t141;
                                                                                                                                              				signed int _t142;
                                                                                                                                              				void* _t144;
                                                                                                                                              				void* _t147;
                                                                                                                                              				intOrPtr _t148;
                                                                                                                                              				signed int _t150;
                                                                                                                                              				long _t156;
                                                                                                                                              				intOrPtr _t159;
                                                                                                                                              				signed int _t162;
                                                                                                                                              
                                                                                                                                              				_t95 = __eax;
                                                                                                                                              				_t129 =  *0x4ad059; // 0x0
                                                                                                                                              				if(__eax > 0xa2c) {
                                                                                                                                              					__eflags = __eax - 0x40a2c;
                                                                                                                                              					if(__eax > 0x40a2c) {
                                                                                                                                              						_pop(_t120);
                                                                                                                                              						__eflags = __eax;
                                                                                                                                              						if(__eax >= 0) {
                                                                                                                                              							_push(_t120);
                                                                                                                                              							_t162 = __eax;
                                                                                                                                              							_t2 = _t162 + 0x10010; // 0x10110
                                                                                                                                              							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                                                              							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                                                                                              							_t121 = _t96;
                                                                                                                                              							if(_t121 != 0) {
                                                                                                                                              								_t147 = _t121;
                                                                                                                                              								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                                                              								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                                                              								E00403C48();
                                                                                                                                              								_t99 =  *0x4afb80; // 0x4afb7c
                                                                                                                                              								 *_t147 = 0x4afb7c;
                                                                                                                                              								 *0x4afb80 = _t121;
                                                                                                                                              								 *(_t147 + 4) = _t99;
                                                                                                                                              								 *_t99 = _t121;
                                                                                                                                              								 *0x4afb78 = 0;
                                                                                                                                              								_t121 = _t121 + 0x10;
                                                                                                                                              							}
                                                                                                                                              							return _t121;
                                                                                                                                              						} else {
                                                                                                                                              							__eflags = 0;
                                                                                                                                              							return 0;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						_t67 = _t95 + 0xd3; // 0x1d3
                                                                                                                                              						_t125 = (_t67 & 0xffffff00) + 0x30;
                                                                                                                                              						__eflags = _t129;
                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                              							while(1) {
                                                                                                                                              								asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                              									goto L42;
                                                                                                                                              								}
                                                                                                                                              								asm("pause");
                                                                                                                                              								__eflags =  *0x4ad989;
                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                              									continue;
                                                                                                                                              								} else {
                                                                                                                                              									Sleep(0);
                                                                                                                                              									asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                              										Sleep(0xa);
                                                                                                                                              										continue;
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              								goto L42;
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						L42:
                                                                                                                                              						_t68 = _t125 - 0xb30; // -2445
                                                                                                                                              						_t141 = _t68;
                                                                                                                                              						_t142 = _t141 >> 0xd;
                                                                                                                                              						_t131 = _t141 >> 8;
                                                                                                                                              						_t104 = 0xffffffff << _t131 &  *(0x4adaf8 + _t142 * 4);
                                                                                                                                              						__eflags = 0xffffffff;
                                                                                                                                              						if(0xffffffff == 0) {
                                                                                                                                              							_t132 = _t142;
                                                                                                                                              							__eflags = 0xfffffffe << _t132 &  *0x4adaf4;
                                                                                                                                              							if((0xfffffffe << _t132 &  *0x4adaf4) == 0) {
                                                                                                                                              								_t133 =  *0x4adaf0; // 0x0
                                                                                                                                              								_t134 = _t133 - _t125;
                                                                                                                                              								__eflags = _t134;
                                                                                                                                              								if(_t134 < 0) {
                                                                                                                                              									_t109 = E00403BCC(_t125);
                                                                                                                                              								} else {
                                                                                                                                              									_t110 =  *0x4adaec; // 0x2703c70
                                                                                                                                              									_t109 = _t110 - _t125;
                                                                                                                                              									 *0x4adaec = _t109;
                                                                                                                                              									 *0x4adaf0 = _t134;
                                                                                                                                              									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                                                              								}
                                                                                                                                              								 *0x4adae8 = 0;
                                                                                                                                              								return _t109;
                                                                                                                                              							} else {
                                                                                                                                              								asm("bsf edx, eax");
                                                                                                                                              								asm("bsf ecx, eax");
                                                                                                                                              								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                                                              								goto L50;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							asm("bsf eax, eax");
                                                                                                                                              							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                                                              							L50:
                                                                                                                                              							_push(_t152);
                                                                                                                                              							_push(_t145);
                                                                                                                                              							_t148 = 0x4adb78 + _t135 * 8;
                                                                                                                                              							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                                                              							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                                                              							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                                                              							 *_t114 = _t148;
                                                                                                                                              							__eflags = _t148 - _t114;
                                                                                                                                              							if(_t148 == _t114) {
                                                                                                                                              								asm("rol eax, cl");
                                                                                                                                              								_t80 = 0x4adaf8 + _t142 * 4;
                                                                                                                                              								 *_t80 =  *(0x4adaf8 + _t142 * 4) & 0xfffffffe;
                                                                                                                                              								__eflags =  *_t80;
                                                                                                                                              								if( *_t80 == 0) {
                                                                                                                                              									asm("btr [0x4adaf4], edx");
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                                                              							_t144 = 0xfffffff0 - _t125;
                                                                                                                                              							__eflags = 0xfffffff0;
                                                                                                                                              							if(0xfffffff0 == 0) {
                                                                                                                                              								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                                                              								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                                                              								__eflags =  *_t89;
                                                                                                                                              							} else {
                                                                                                                                              								_t116 = _t125 + _t159;
                                                                                                                                              								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                                                              								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                                                              								__eflags = 0xfffffff0 - 0xb30;
                                                                                                                                              								if(0xfffffff0 >= 0xb30) {
                                                                                                                                              									E00403B00(_t116, 0xfffffffffffffff3, _t144);
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							_t93 = _t125 + 2; // 0x1a5
                                                                                                                                              							 *(_t159 - 4) = _t93;
                                                                                                                                              							 *0x4adae8 = 0;
                                                                                                                                              							return _t159;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					__eflags = __cl;
                                                                                                                                              					_t6 = __edx + 0x4ad990; // 0xc8c8c8c8
                                                                                                                                              					__eax =  *_t6 & 0x000000ff;
                                                                                                                                              					__ebx = 0x4a9080 + ( *_t6 & 0x000000ff) * 8;
                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                              						while(1) {
                                                                                                                                              							__eax = 0x100;
                                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                              								goto L5;
                                                                                                                                              							}
                                                                                                                                              							__ebx = __ebx + 0x20;
                                                                                                                                              							__eflags = __ebx;
                                                                                                                                              							__eax = 0x100;
                                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                                              							if(__ebx != 0) {
                                                                                                                                              								__ebx = __ebx + 0x20;
                                                                                                                                              								__eflags = __ebx;
                                                                                                                                              								__eax = 0x100;
                                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                                              								if(__ebx != 0) {
                                                                                                                                              									__ebx = __ebx - 0x40;
                                                                                                                                              									asm("pause");
                                                                                                                                              									__eflags =  *0x4ad989;
                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                              										continue;
                                                                                                                                              									} else {
                                                                                                                                              										Sleep(0);
                                                                                                                                              										__eax = 0x100;
                                                                                                                                              										asm("lock cmpxchg [ebx], ah");
                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                              											Sleep(0xa);
                                                                                                                                              											continue;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							goto L5;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					L5:
                                                                                                                                              					__edx =  *(__ebx + 8);
                                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                                              					__ecx = 0xfffffff8;
                                                                                                                                              					__eflags = __edx - __ebx;
                                                                                                                                              					if(__edx == __ebx) {
                                                                                                                                              						__edx =  *(__ebx + 0x18);
                                                                                                                                              						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                              						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                                                                                              						__eflags = __eax -  *(__ebx + 0x14);
                                                                                                                                              						if(__eax >  *(__ebx + 0x14)) {
                                                                                                                                              							_push(__esi);
                                                                                                                                              							_push(__edi);
                                                                                                                                              							__eflags =  *0x4ad059;
                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                              								while(1) {
                                                                                                                                              									__eax = 0x100;
                                                                                                                                              									asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              									if(__eflags == 0) {
                                                                                                                                              										goto L22;
                                                                                                                                              									}
                                                                                                                                              									asm("pause");
                                                                                                                                              									__eflags =  *0x4ad989;
                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                              										continue;
                                                                                                                                              									} else {
                                                                                                                                              										Sleep(0);
                                                                                                                                              										__eax = 0x100;
                                                                                                                                              										asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                              											Sleep(0xa);
                                                                                                                                              											continue;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              									goto L22;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							L22:
                                                                                                                                              							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4adaf4;
                                                                                                                                              							__eflags =  *(__ebx + 1) &  *0x4adaf4;
                                                                                                                                              							if(( *(__ebx + 1) &  *0x4adaf4) == 0) {
                                                                                                                                              								__ecx =  *(__ebx + 4) & 0x0000ffff;
                                                                                                                                              								__edi =  *0x4adaf0; // 0x0
                                                                                                                                              								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
                                                                                                                                              								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
                                                                                                                                              									__eax =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                              									__edi = __eax;
                                                                                                                                              									__eax = E00403BCC(__eax);
                                                                                                                                              									__esi = __eax;
                                                                                                                                              									__eflags = __eax;
                                                                                                                                              									if(__eax != 0) {
                                                                                                                                              										goto L35;
                                                                                                                                              									} else {
                                                                                                                                              										 *0x4adae8 = __al;
                                                                                                                                              										 *__ebx = __al;
                                                                                                                                              										_pop(__edi);
                                                                                                                                              										_pop(__esi);
                                                                                                                                              										_pop(__ebx);
                                                                                                                                              										return __eax;
                                                                                                                                              									}
                                                                                                                                              								} else {
                                                                                                                                              									__esi =  *0x4adaec; // 0x2703c70
                                                                                                                                              									__ecx =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                              									__edx = __ecx + 0xb30;
                                                                                                                                              									__eflags = __edi - __ecx + 0xb30;
                                                                                                                                              									if(__edi >= __ecx + 0xb30) {
                                                                                                                                              										__edi = __ecx;
                                                                                                                                              									}
                                                                                                                                              									__esi = __esi - __edi;
                                                                                                                                              									 *0x4adaf0 =  *0x4adaf0 - __edi;
                                                                                                                                              									 *0x4adaec = __esi;
                                                                                                                                              									goto L35;
                                                                                                                                              								}
                                                                                                                                              							} else {
                                                                                                                                              								asm("bsf eax, esi");
                                                                                                                                              								__esi = __eax * 8;
                                                                                                                                              								__ecx =  *(0x4adaf8 + __eax * 4);
                                                                                                                                              								asm("bsf ecx, ecx");
                                                                                                                                              								__ecx =  *(0x4adaf8 + __eax * 4) + __eax * 8 * 4;
                                                                                                                                              								__edi = 0x4adb78 + ( *(0x4adaf8 + __eax * 4) + __eax * 8 * 4) * 8;
                                                                                                                                              								__esi =  *(__edi + 4);
                                                                                                                                              								__edx =  *(__esi + 4);
                                                                                                                                              								 *(__edi + 4) = __edx;
                                                                                                                                              								 *__edx = __edi;
                                                                                                                                              								__eflags = __edi - __edx;
                                                                                                                                              								if(__edi == __edx) {
                                                                                                                                              									__edx = 0xfffffffe;
                                                                                                                                              									asm("rol edx, cl");
                                                                                                                                              									_t38 = 0x4adaf8 + __eax * 4;
                                                                                                                                              									 *_t38 =  *(0x4adaf8 + __eax * 4) & 0xfffffffe;
                                                                                                                                              									__eflags =  *_t38;
                                                                                                                                              									if( *_t38 == 0) {
                                                                                                                                              										asm("btr [0x4adaf4], eax");
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              								__edi = 0xfffffff0;
                                                                                                                                              								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                                                                                              								__eflags = 0xfffffff0 - 0x10a60;
                                                                                                                                              								if(0xfffffff0 < 0x10a60) {
                                                                                                                                              									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                                                                                              									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                                                                                              									__eflags =  *_t52;
                                                                                                                                              								} else {
                                                                                                                                              									__edx = __edi;
                                                                                                                                              									__edi =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                              									__edx = __edx - __edi;
                                                                                                                                              									__eax = __edi + __esi;
                                                                                                                                              									__ecx = __edx + 3;
                                                                                                                                              									 *(__eax - 4) = __ecx;
                                                                                                                                              									 *(__edx + __eax - 8) = __edx;
                                                                                                                                              									__eax = E00403B00(__eax, __ecx, __edx);
                                                                                                                                              								}
                                                                                                                                              								L35:
                                                                                                                                              								_t56 = __edi + 6; // 0x6
                                                                                                                                              								__ecx = _t56;
                                                                                                                                              								 *(__esi - 4) = _t56;
                                                                                                                                              								__eax = 0;
                                                                                                                                              								 *0x4adae8 = __al;
                                                                                                                                              								 *__esi = __ebx;
                                                                                                                                              								 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                                                                                                              								 *((intOrPtr*)(__esi + 0x14)) = 1;
                                                                                                                                              								 *(__ebx + 0x18) = __esi;
                                                                                                                                              								_t61 = __esi + 0x20; // 0x2703c90
                                                                                                                                              								__eax = _t61;
                                                                                                                                              								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                              								__edx = __ecx + __eax;
                                                                                                                                              								 *(__ebx + 0x10) = __ecx + __eax;
                                                                                                                                              								__edi = __edi + __esi;
                                                                                                                                              								__edi = __edi - __ecx;
                                                                                                                                              								__eflags = __edi;
                                                                                                                                              								 *(__ebx + 0x14) = __edi;
                                                                                                                                              								 *__ebx = 0;
                                                                                                                                              								 *(__eax - 4) = __esi;
                                                                                                                                              								_pop(__edi);
                                                                                                                                              								_pop(__esi);
                                                                                                                                              								_pop(__ebx);
                                                                                                                                              								return __eax;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_t19 = __edx + 0x14;
                                                                                                                                              							 *_t19 =  *(__edx + 0x14) + 1;
                                                                                                                                              							__eflags =  *_t19;
                                                                                                                                              							 *(__ebx + 0x10) = __ecx;
                                                                                                                                              							 *__ebx = 0;
                                                                                                                                              							 *(__eax - 4) = __edx;
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return __eax;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
                                                                                                                                              						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                                                                                                              						__eflags = 0xfffffff8;
                                                                                                                                              						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
                                                                                                                                              						 *(__eax - 4) = __edx;
                                                                                                                                              						if(0xfffffff8 == 0) {
                                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                                              							 *(__ecx + 0xc) = __ebx;
                                                                                                                                              							 *(__ebx + 8) = __ecx;
                                                                                                                                              							 *__ebx = 0;
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return __eax;
                                                                                                                                              						} else {
                                                                                                                                              							 *__ebx = 0;
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return __eax;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}






























                                                                                                                                              0x00403f92
                                                                                                                                              0x00403f94
                                                                                                                                              0x00403f9b
                                                                                                                                              0x00000000
                                                                                                                                              0x00403f9d
                                                                                                                                              0x00403f9f
                                                                                                                                              0x00403fa4
                                                                                                                                              0x00403fa9
                                                                                                                                              0x00403fad
                                                                                                                                              0x00403fb5
                                                                                                                                              0x00000000
                                                                                                                                              0x00403fb5
                                                                                                                                              0x00403fad
                                                                                                                                              0x00403f9b
                                                                                                                                              0x00403f8d
                                                                                                                                              0x00000000
                                                                                                                                              0x00403f7f
                                                                                                                                              0x00403f68
                                                                                                                                              0x00403f12
                                                                                                                                              0x00403f12
                                                                                                                                              0x00403f15
                                                                                                                                              0x00403f18
                                                                                                                                              0x00403f1d
                                                                                                                                              0x00403f1f
                                                                                                                                              0x00403f38
                                                                                                                                              0x00403f3b
                                                                                                                                              0x00403f3f
                                                                                                                                              0x00403f41
                                                                                                                                              0x00403f44
                                                                                                                                              0x00403fbc
                                                                                                                                              0x00403fbd
                                                                                                                                              0x00403fbe
                                                                                                                                              0x00403fc5
                                                                                                                                              0x00403fc7
                                                                                                                                              0x00403fc7
                                                                                                                                              0x00403fcc
                                                                                                                                              0x00403fd4
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00403fd6
                                                                                                                                              0x00403fd8
                                                                                                                                              0x00403fdf
                                                                                                                                              0x00000000
                                                                                                                                              0x00403fe1
                                                                                                                                              0x00403fe3
                                                                                                                                              0x00403fe8
                                                                                                                                              0x00403fed
                                                                                                                                              0x00403ff5
                                                                                                                                              0x00403ff9
                                                                                                                                              0x00000000
                                                                                                                                              0x00403ff9
                                                                                                                                              0x00403ff5
                                                                                                                                              0x00000000
                                                                                                                                              0x00403fdf
                                                                                                                                              0x00403fc7
                                                                                                                                              0x00404000
                                                                                                                                              0x00404004
                                                                                                                                              0x00404004
                                                                                                                                              0x0040400a
                                                                                                                                              0x0040407c
                                                                                                                                              0x00404080
                                                                                                                                              0x00404086
                                                                                                                                              0x00404088
                                                                                                                                              0x004040b0
                                                                                                                                              0x004040b4
                                                                                                                                              0x004040b6
                                                                                                                                              0x004040bb
                                                                                                                                              0x004040bd
                                                                                                                                              0x004040bf
                                                                                                                                              0x00000000
                                                                                                                                              0x004040c1
                                                                                                                                              0x004040c1
                                                                                                                                              0x004040c6
                                                                                                                                              0x004040c8
                                                                                                                                              0x004040c9
                                                                                                                                              0x004040ca
                                                                                                                                              0x004040cb
                                                                                                                                              0x004040cb
                                                                                                                                              0x0040408a
                                                                                                                                              0x0040408a
                                                                                                                                              0x00404090
                                                                                                                                              0x00404094
                                                                                                                                              0x0040409a
                                                                                                                                              0x0040409c
                                                                                                                                              0x0040409e
                                                                                                                                              0x0040409e
                                                                                                                                              0x004040a0
                                                                                                                                              0x004040a2
                                                                                                                                              0x004040a8
                                                                                                                                              0x00000000
                                                                                                                                              0x004040a8
                                                                                                                                              0x0040400c
                                                                                                                                              0x0040400c
                                                                                                                                              0x0040400f
                                                                                                                                              0x00404016
                                                                                                                                              0x0040401d
                                                                                                                                              0x00404020
                                                                                                                                              0x00404023
                                                                                                                                              0x0040402a
                                                                                                                                              0x0040402d
                                                                                                                                              0x00404030
                                                                                                                                              0x00404033
                                                                                                                                              0x00404035
                                                                                                                                              0x00404037
                                                                                                                                              0x00404039
                                                                                                                                              0x0040403e
                                                                                                                                              0x00404040
                                                                                                                                              0x00404040
                                                                                                                                              0x00404040
                                                                                                                                              0x00404047
                                                                                                                                              0x00404049
                                                                                                                                              0x00404049
                                                                                                                                              0x00404047
                                                                                                                                              0x00404050
                                                                                                                                              0x00404055
                                                                                                                                              0x00404058
                                                                                                                                              0x0040405e
                                                                                                                                              0x004040cc
                                                                                                                                              0x004040cc
                                                                                                                                              0x004040cc
                                                                                                                                              0x00404060
                                                                                                                                              0x00404060
                                                                                                                                              0x00404062
                                                                                                                                              0x00404066
                                                                                                                                              0x00404068
                                                                                                                                              0x0040406b
                                                                                                                                              0x0040406e
                                                                                                                                              0x00404071
                                                                                                                                              0x00404075
                                                                                                                                              0x00404075
                                                                                                                                              0x004040d1
                                                                                                                                              0x004040d1
                                                                                                                                              0x004040d1
                                                                                                                                              0x004040d4
                                                                                                                                              0x004040d7
                                                                                                                                              0x004040d9
                                                                                                                                              0x004040de
                                                                                                                                              0x004040e0
                                                                                                                                              0x004040e3
                                                                                                                                              0x004040ea
                                                                                                                                              0x004040ed
                                                                                                                                              0x004040ed
                                                                                                                                              0x004040f0
                                                                                                                                              0x004040f4
                                                                                                                                              0x004040f7
                                                                                                                                              0x004040fa
                                                                                                                                              0x004040fc
                                                                                                                                              0x004040fc
                                                                                                                                              0x004040fe
                                                                                                                                              0x00404101
                                                                                                                                              0x00404104
                                                                                                                                              0x00404107
                                                                                                                                              0x00404108
                                                                                                                                              0x00404109
                                                                                                                                              0x0040410a
                                                                                                                                              0x0040410a
                                                                                                                                              0x00403f46
                                                                                                                                              0x00403f46
                                                                                                                                              0x00403f46
                                                                                                                                              0x00403f46
                                                                                                                                              0x00403f4a
                                                                                                                                              0x00403f4d
                                                                                                                                              0x00403f50
                                                                                                                                              0x00403f53
                                                                                                                                              0x00403f54
                                                                                                                                              0x00403f54
                                                                                                                                              0x00403f21
                                                                                                                                              0x00403f21
                                                                                                                                              0x00403f25
                                                                                                                                              0x00403f25
                                                                                                                                              0x00403f28
                                                                                                                                              0x00403f2b
                                                                                                                                              0x00403f2e
                                                                                                                                              0x00403f58
                                                                                                                                              0x00403f5b
                                                                                                                                              0x00403f5e
                                                                                                                                              0x00403f61
                                                                                                                                              0x00403f64
                                                                                                                                              0x00403f65
                                                                                                                                              0x00403f30
                                                                                                                                              0x00403f30
                                                                                                                                              0x00403f33
                                                                                                                                              0x00403f34
                                                                                                                                              0x00403f34
                                                                                                                                              0x00403f2e
                                                                                                                                              0x00403f1f

                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BF5B,00000000,0040C469,00000000,0040C72B,00000000,0040C761), ref: 00403F9F
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BF5B,00000000,0040C469,00000000,0040C72B,00000000,0040C761), ref: 00403FB5
                                                                                                                                              • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BF5B,00000000,0040C469,00000000,0040C72B,00000000,0040C761), ref: 00403FE3
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BF5B,00000000,0040C469,00000000,0040C72B,00000000,0040C761), ref: 00403FF9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              • Opcode ID: de0d06ab3528a7223025f1b9446eacc1668a16eaa8b8f8de44a1672ae8a3e8ae
                                                                                                                                              • Instruction ID: 40858f6e4be6ca8b0a26f9524243d71a381fde2c256961902b301cd5bde9a830
                                                                                                                                              • Opcode Fuzzy Hash: de0d06ab3528a7223025f1b9446eacc1668a16eaa8b8f8de44a1672ae8a3e8ae
                                                                                                                                              • Instruction Fuzzy Hash: F6C146B2A052118BCB19CF68E884356BFE4ABC6311F1882BFE516AB7D1C774D941C79C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                              			E00407724() {
                                                                                                                                              				void* _t20;
                                                                                                                                              				void* _t23;
                                                                                                                                              				intOrPtr _t31;
                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                              				void* _t46;
                                                                                                                                              				struct HINSTANCE__* _t49;
                                                                                                                                              				void* _t56;
                                                                                                                                              
                                                                                                                                              				if( *0x4a9004 != 0) {
                                                                                                                                              					E00407604();
                                                                                                                                              					E0040768C(_t46);
                                                                                                                                              					 *0x4a9004 = 0;
                                                                                                                                              				}
                                                                                                                                              				if( *0x4afbcc != 0 && GetCurrentThreadId() ==  *0x4afbf4) {
                                                                                                                                              					E0040735C(0x4afbc8);
                                                                                                                                              					E00407660(0x4afbc8);
                                                                                                                                              				}
                                                                                                                                              				if( *0x004AFBC0 != 0 ||  *0x4ad054 == 0) {
                                                                                                                                              					L8:
                                                                                                                                              					if( *((char*)(0x4afbc0)) == 2 &&  *0x4a9000 == 0) {
                                                                                                                                              						 *0x004AFBA4 = 0;
                                                                                                                                              					}
                                                                                                                                              					if( *((char*)(0x4afbc0)) != 0) {
                                                                                                                                              						L14:
                                                                                                                                              						E00407384();
                                                                                                                                              						if( *((char*)(0x4afbc0)) <= 1 ||  *0x4a9000 != 0) {
                                                                                                                                              							_t15 =  *0x004AFBA8;
                                                                                                                                              							if( *0x004AFBA8 != 0) {
                                                                                                                                              								E0040B780(_t15);
                                                                                                                                              								_t31 =  *((intOrPtr*)(0x4afba8));
                                                                                                                                              								_t8 = _t31 + 0x10; // 0x400000
                                                                                                                                              								_t49 =  *_t8;
                                                                                                                                              								_t9 = _t31 + 4; // 0x400000
                                                                                                                                              								if(_t49 !=  *_t9 && _t49 != 0) {
                                                                                                                                              									FreeLibrary(_t49);
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						E0040735C(0x4afb98);
                                                                                                                                              						if( *((char*)(0x4afbc0)) == 1) {
                                                                                                                                              							 *0x004AFBBC();
                                                                                                                                              						}
                                                                                                                                              						if( *((char*)(0x4afbc0)) != 0) {
                                                                                                                                              							E00407660(0x4afb98);
                                                                                                                                              						}
                                                                                                                                              						if( *0x4afb98 == 0) {
                                                                                                                                              							if( *0x4ad038 != 0) {
                                                                                                                                              								 *0x4ad038();
                                                                                                                                              							}
                                                                                                                                              							ExitProcess( *0x4a9000); // executed
                                                                                                                                              						}
                                                                                                                                              						memcpy(0x4afb98,  *0x4afb98, 0xc << 2);
                                                                                                                                              						_t56 = _t56 + 0xc;
                                                                                                                                              						0x4a9000 = 0x4a9000;
                                                                                                                                              						0x4afb98 = 0x4afb98;
                                                                                                                                              						goto L8;
                                                                                                                                              					} else {
                                                                                                                                              						_t20 = E00405494();
                                                                                                                                              						_t44 = _t20;
                                                                                                                                              						if(_t20 == 0) {
                                                                                                                                              							goto L14;
                                                                                                                                              						} else {
                                                                                                                                              							goto L13;
                                                                                                                                              						}
                                                                                                                                              						do {
                                                                                                                                              							L13:
                                                                                                                                              							E00405CC8(_t44);
                                                                                                                                              							_t23 = E00405494();
                                                                                                                                              							_t44 = _t23;
                                                                                                                                              						} while (_t23 != 0);
                                                                                                                                              						goto L14;
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					do {
                                                                                                                                              						_t33 =  *0x4ad054; // 0x0
                                                                                                                                              						 *0x4ad054 = 0;
                                                                                                                                              						 *_t33();
                                                                                                                                              					} while ( *0x4ad054 != 0);
                                                                                                                                              					L8:
                                                                                                                                              					while(1) {
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}











                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00407754
                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040785E,004054DF,00405526,?,?,0040553F,?,?,?,?,0045354A,00000000), ref: 004077FC
                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040785E,004054DF,00405526,?,?,0040553F,?,?,?,?,0045354A,00000000), ref: 00407835
                                                                                                                                                • Part of subcall function 0040768C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?,0040553F), ref: 004076C5
                                                                                                                                                • Part of subcall function 0040768C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?), ref: 004076CB
                                                                                                                                                • Part of subcall function 0040768C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?), ref: 004076E6
                                                                                                                                                • Part of subcall function 0040768C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?), ref: 004076EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                                              • String ID: MZP
                                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                                              • Opcode ID: 27687baf6def8bf591ad0f3cbfb324307bfd436381f9ba0853c27a150f62d65a
                                                                                                                                              • Instruction ID: 4d6c15ac86d8b360ffdfc55aea4b1fc84de7d629047560fa0690051ca5318a6c
                                                                                                                                              • Opcode Fuzzy Hash: 27687baf6def8bf591ad0f3cbfb324307bfd436381f9ba0853c27a150f62d65a
                                                                                                                                              • Instruction Fuzzy Hash: DA319220E086415AE731AB79C48875B7AE46B06358F14883BD441A37D2D77CF884CB6F
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 452 40771c-407738 453 40773a-407746 call 407604 call 40768c 452->453 454 40774b-407752 452->454 453->454 456 407754-40775f GetCurrentThreadId 454->456 457 407775-407779 454->457 456->457 459 407761-407770 call 40735c call 407660 456->459 460 40777b-407782 457->460 461 40779d-4077a1 457->461 459->457 460->461 466 407784-40779b 460->466 462 4077a3-4077a6 461->462 463 4077ad-4077b1 461->463 462->463 467 4077a8-4077aa 462->467 468 4077d0-4077d9 call 407384 463->468 469 4077b3-4077bc call 405494 463->469 466->461 467->463 478 4077e0-4077e5 468->478 479 4077db-4077de 468->479 469->468 480 4077be-4077ce call 405cc8 call 405494 469->480 481 407801-40780c call 40735c 478->481 482 4077e7-4077f5 call 40b780 478->482 479->478 479->481 480->468 491 407811-407815 481->491 492 40780e 481->492 482->481 490 4077f7-4077f9 482->490 490->481 494 4077fb-4077fc FreeLibrary 490->494 495 407817-407819 call 407660 491->495 496 40781e-407821 491->496 492->491 494->481 495->496 497 407823-40782a 496->497 498 40783a 496->498 500 407832-407835 ExitProcess 497->500 501 40782c 497->501 501->500
                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                              			E0040771C() {
                                                                                                                                              				intOrPtr* _t14;
                                                                                                                                              				void* _t23;
                                                                                                                                              				void* _t26;
                                                                                                                                              				intOrPtr _t34;
                                                                                                                                              				intOrPtr* _t36;
                                                                                                                                              				void* _t50;
                                                                                                                                              				struct HINSTANCE__* _t53;
                                                                                                                                              				void* _t62;
                                                                                                                                              
                                                                                                                                              				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
                                                                                                                                              				if( *0x4a9004 != 0) {
                                                                                                                                              					E00407604();
                                                                                                                                              					E0040768C(_t50);
                                                                                                                                              					 *0x4a9004 = 0;
                                                                                                                                              				}
                                                                                                                                              				if( *0x4afbcc != 0 && GetCurrentThreadId() ==  *0x4afbf4) {
                                                                                                                                              					E0040735C(0x4afbc8);
                                                                                                                                              					E00407660(0x4afbc8);
                                                                                                                                              				}
                                                                                                                                              				if( *0x004AFBC0 != 0 ||  *0x4ad054 == 0) {
                                                                                                                                              					L9:
                                                                                                                                              					if( *((char*)(0x4afbc0)) == 2 &&  *0x4a9000 == 0) {
                                                                                                                                              						 *0x004AFBA4 = 0;
                                                                                                                                              					}
                                                                                                                                              					if( *((char*)(0x4afbc0)) != 0) {
                                                                                                                                              						L15:
                                                                                                                                              						E00407384();
                                                                                                                                              						if( *((char*)(0x4afbc0)) <= 1 ||  *0x4a9000 != 0) {
                                                                                                                                              							_t18 =  *0x004AFBA8;
                                                                                                                                              							if( *0x004AFBA8 != 0) {
                                                                                                                                              								E0040B780(_t18);
                                                                                                                                              								_t34 =  *((intOrPtr*)(0x4afba8));
                                                                                                                                              								_t8 = _t34 + 0x10; // 0x400000
                                                                                                                                              								_t53 =  *_t8;
                                                                                                                                              								_t9 = _t34 + 4; // 0x400000
                                                                                                                                              								if(_t53 !=  *_t9 && _t53 != 0) {
                                                                                                                                              									FreeLibrary(_t53);
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						E0040735C(0x4afb98);
                                                                                                                                              						if( *((char*)(0x4afbc0)) == 1) {
                                                                                                                                              							 *0x004AFBBC();
                                                                                                                                              						}
                                                                                                                                              						if( *((char*)(0x4afbc0)) != 0) {
                                                                                                                                              							E00407660(0x4afb98);
                                                                                                                                              						}
                                                                                                                                              						if( *0x4afb98 == 0) {
                                                                                                                                              							if( *0x4ad038 != 0) {
                                                                                                                                              								 *0x4ad038();
                                                                                                                                              							}
                                                                                                                                              							ExitProcess( *0x4a9000); // executed
                                                                                                                                              						}
                                                                                                                                              						memcpy(0x4afb98,  *0x4afb98, 0xc << 2);
                                                                                                                                              						_t62 = _t62 + 0xc;
                                                                                                                                              						0x4a9000 = 0x4a9000;
                                                                                                                                              						0x4afb98 = 0x4afb98;
                                                                                                                                              						goto L9;
                                                                                                                                              					} else {
                                                                                                                                              						_t23 = E00405494();
                                                                                                                                              						_t48 = _t23;
                                                                                                                                              						if(_t23 == 0) {
                                                                                                                                              							goto L15;
                                                                                                                                              						} else {
                                                                                                                                              							goto L14;
                                                                                                                                              						}
                                                                                                                                              						do {
                                                                                                                                              							L14:
                                                                                                                                              							E00405CC8(_t48);
                                                                                                                                              							_t26 = E00405494();
                                                                                                                                              							_t48 = _t26;
                                                                                                                                              						} while (_t26 != 0);
                                                                                                                                              						goto L15;
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					do {
                                                                                                                                              						_t36 =  *0x4ad054; // 0x0
                                                                                                                                              						 *0x4ad054 = 0;
                                                                                                                                              						 *_t36();
                                                                                                                                              					} while ( *0x4ad054 != 0);
                                                                                                                                              					L9:
                                                                                                                                              					while(1) {
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00407754
                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040785E,004054DF,00405526,?,?,0040553F,?,?,?,?,0045354A,00000000), ref: 004077FC
                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040785E,004054DF,00405526,?,?,0040553F,?,?,?,?,0045354A,00000000), ref: 00407835
                                                                                                                                                • Part of subcall function 0040768C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?,0040553F), ref: 004076C5
                                                                                                                                                • Part of subcall function 0040768C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?), ref: 004076CB
                                                                                                                                                • Part of subcall function 0040768C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?), ref: 004076E6
                                                                                                                                                • Part of subcall function 0040768C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?), ref: 004076EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                                              • String ID: MZP
                                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                                              • Opcode ID: c0169702aa9a0112fec964110138e5601fa374416d594b0021619e1349d772d7
                                                                                                                                              • Instruction ID: 94527550a85b6d0efb8c992dbc1059f00de0a519c92a8f1d7b957efcc6585d4e
                                                                                                                                              • Opcode Fuzzy Hash: c0169702aa9a0112fec964110138e5601fa374416d594b0021619e1349d772d7
                                                                                                                                              • Instruction Fuzzy Hash: 8E315C20E087419AE731AB79848875B3BE06B16358F14883BE441A77D2D77CF884CB6F
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                              			E004A0D04(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				char* _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				intOrPtr _v24;
                                                                                                                                              				char _v28;
                                                                                                                                              				char _v32;
                                                                                                                                              				char _v36;
                                                                                                                                              				char _v40;
                                                                                                                                              				int _t30;
                                                                                                                                              				intOrPtr _t63;
                                                                                                                                              				void* _t71;
                                                                                                                                              				void* _t73;
                                                                                                                                              				intOrPtr _t75;
                                                                                                                                              				intOrPtr _t76;
                                                                                                                                              
                                                                                                                                              				_t71 = __edi;
                                                                                                                                              				_t54 = __ebx;
                                                                                                                                              				_t75 = _t76;
                                                                                                                                              				_t55 = 4;
                                                                                                                                              				do {
                                                                                                                                              					_push(0);
                                                                                                                                              					_push(0);
                                                                                                                                              					_t55 = _t55 - 1;
                                                                                                                                              				} while (_t55 != 0);
                                                                                                                                              				_push(_t55);
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_t73 = __eax;
                                                                                                                                              				_t78 = 0;
                                                                                                                                              				_push(_t75);
                                                                                                                                              				_push(0x4a0df9);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t76;
                                                                                                                                              				while(1) {
                                                                                                                                              					E00422C64( &_v12, _t54, _t55, _t78); // executed
                                                                                                                                              					_t55 = L".tmp";
                                                                                                                                              					E004A0BE8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
                                                                                                                                              					_t30 = CreateDirectoryW(E004084C8(_v8), 0); // executed
                                                                                                                                              					if(_t30 != 0) {
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              					_t54 = GetLastError();
                                                                                                                                              					_t78 = _t54 - 0xb7;
                                                                                                                                              					if(_t54 != 0xb7) {
                                                                                                                                              						E00426DFC(0x3b,  &_v32, _v8);
                                                                                                                                              						_v28 = _v32;
                                                                                                                                              						E00419F38( &_v36, _t54, 0);
                                                                                                                                              						_v24 = _v36;
                                                                                                                                              						E004231E0(_t54,  &_v40);
                                                                                                                                              						_v20 = _v40;
                                                                                                                                              						E00426DCC(0x70, 2,  &_v28,  &_v16);
                                                                                                                                              						_t55 = _v16;
                                                                                                                                              						E0041F384(_v16, 1);
                                                                                                                                              						E004070F0();
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				E00407DD4(_t73, _v8);
                                                                                                                                              				__eflags = 0;
                                                                                                                                              				_pop(_t63);
                                                                                                                                              				 *[fs:eax] = _t63;
                                                                                                                                              				_push(E004A0E00);
                                                                                                                                              				E00407A54( &_v40, 3);
                                                                                                                                              				return E00407A54( &_v16, 3);
                                                                                                                                              			}



















                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004A0DF9,?,?,?,00000003,00000000,00000000,?,004A8181), ref: 004A0D4C
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,00000000,004A0DF9,?,?,?,00000003,00000000,00000000,?,004A8181), ref: 004A0D55
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                              • String ID: $OA$.tmp
                                                                                                                                              • API String ID: 1375471231-3378223631
                                                                                                                                              • Opcode ID: c1f69d4ac7ed32912a2b85f44ff5ab6aba8f1595c1b5cc6fac2d72c7c5252cf6
                                                                                                                                              • Instruction ID: b2ec1cbb6bf4e9aaf38cbd7c23de4c70b0fa0b963ef3ce0e2719d642a434da45
                                                                                                                                              • Opcode Fuzzy Hash: c1f69d4ac7ed32912a2b85f44ff5ab6aba8f1595c1b5cc6fac2d72c7c5252cf6
                                                                                                                                              • Instruction Fuzzy Hash: 04217675A002099FDB00EBA1C841ADFB3B9EB59304F50457BF901B7381DA786E058B69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                              			E004A7000(void* __ecx, void* __edx) {
                                                                                                                                              				intOrPtr _t19;
                                                                                                                                              				intOrPtr _t22;
                                                                                                                                              
                                                                                                                                              				_push(_t22);
                                                                                                                                              				_push(0x4a70d7);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t22;
                                                                                                                                              				 *0x4ad98c =  *0x4ad98c - 1;
                                                                                                                                              				if( *0x4ad98c < 0) {
                                                                                                                                              					E00405B54();
                                                                                                                                              					E004051A8();
                                                                                                                                              					SetThreadLocale(0x400); // executed
                                                                                                                                              					E0040A5C4();
                                                                                                                                              					 *0x4a900c = 2;
                                                                                                                                              					 *0x4ad01c = 0x4036b0;
                                                                                                                                              					 *0x4ad020 = 0x4036b8;
                                                                                                                                              					 *0x4ad05a = 2;
                                                                                                                                              					 *0x4ad060 = E0040CDE0();
                                                                                                                                              					 *0x4ad008 = E004098F4;
                                                                                                                                              					E00405BAC(E00405B90());
                                                                                                                                              					 *0x4ad068 = 0xd7b0;
                                                                                                                                              					 *0x4ad344 = 0xd7b0;
                                                                                                                                              					 *0x4ad620 = 0xd7b0;
                                                                                                                                              					 *0x4ad050 = GetCommandLineW();
                                                                                                                                              					 *0x4ad04c = E00403810();
                                                                                                                                              					 *0x4ad97c = GetACP();
                                                                                                                                              					 *0x4ad980 = 0x4b0;
                                                                                                                                              					 *0x4ad044 = GetCurrentThreadId();
                                                                                                                                              					E0040CDF4();
                                                                                                                                              				}
                                                                                                                                              				_pop(_t19);
                                                                                                                                              				 *[fs:eax] = _t19;
                                                                                                                                              				_push(0x4a70de);
                                                                                                                                              				return 0;
                                                                                                                                              			}






                                                                                                                                              APIs
                                                                                                                                              • SetThreadLocale.KERNEL32(00000400,00000000,004A70D7), ref: 004A702D
                                                                                                                                                • Part of subcall function 0040A5C4: InitializeCriticalSection.KERNEL32(004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5C9
                                                                                                                                                • Part of subcall function 0040A5C4: GetVersion.KERNEL32(004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5D7
                                                                                                                                                • Part of subcall function 0040A5C4: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5FE
                                                                                                                                                • Part of subcall function 0040A5C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A604
                                                                                                                                                • Part of subcall function 0040A5C4: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A618
                                                                                                                                                • Part of subcall function 0040A5C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A61E
                                                                                                                                                • Part of subcall function 0040A5C4: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A632
                                                                                                                                                • Part of subcall function 0040A5C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A638
                                                                                                                                                • Part of subcall function 0040CDE0: GetSystemInfo.KERNEL32 ref: 0040CDE4
                                                                                                                                              • GetCommandLineW.KERNEL32(00000400,00000000,004A70D7), ref: 004A7092
                                                                                                                                                • Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821
                                                                                                                                              • GetACP.KERNEL32(00000400,00000000,004A70D7), ref: 004A70A6
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004A70BA
                                                                                                                                                • Part of subcall function 0040CDF4: GetVersion.KERNEL32(004A70C9,00000400,00000000,004A70D7), ref: 0040CDF4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2740004594-0
                                                                                                                                              • Opcode ID: 751076c4bcae2fa5cb3ef74472dc0559afb380b7e743fee50856c719e0d04cff
                                                                                                                                              • Instruction ID: 2d6e9566c0f1ba9e301420735f22e2aaacda25799cb94ec5fa4b9a8b87f6e037
                                                                                                                                              • Opcode Fuzzy Hash: 751076c4bcae2fa5cb3ef74472dc0559afb380b7e743fee50856c719e0d04cff
                                                                                                                                              • Instruction Fuzzy Hash: EC1100B0808740A9E711BF72AC0660A3FA8FB4770DF41883EE10567AA2D7BD5545DF6E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 551 40e748-40e79c call 405720 CreateWindowExW call 405710
                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0040E748(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                                              				WCHAR* _v8;
                                                                                                                                              				void* _t13;
                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                              				WCHAR* _t29;
                                                                                                                                              				long _t32;
                                                                                                                                              
                                                                                                                                              				_v8 = _t29;
                                                                                                                                              				_t32 = __eax;
                                                                                                                                              				_t13 = E00405720();
                                                                                                                                              				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                              				E00405710(_t13);
                                                                                                                                              				return _t24;
                                                                                                                                              			}









                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateWindow
                                                                                                                                              • String ID: InnoSetupLdrWindow$STATIC
                                                                                                                                              • API String ID: 716092398-2209255943
                                                                                                                                              • Opcode ID: 308ffab18e31b1134490d17498aac611e849f0f3c6d244726fd98e92013085e1
                                                                                                                                              • Instruction ID: f84a80031f046bc7831efab5cf97239724a0ea78ac17ff57204b8c6211417fe6
                                                                                                                                              • Opcode Fuzzy Hash: 308ffab18e31b1134490d17498aac611e849f0f3c6d244726fd98e92013085e1
                                                                                                                                              • Instruction Fuzzy Hash: 59F097B6600118BF8B40DE9DDC85DDB77ECEB4C264B054529FA0CD3201D634ED108BB4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 556 4a0ecc-4a0edd 557 4a0edf-4a0ee0 556->557 558 4a0f26-4a0f2b 556->558 559 4a0ee2-4a0ee5 557->559 560 4a0ef2-4a0ef5 559->560 561 4a0ee7-4a0ef0 Sleep 559->561 562 4a0f00-4a0f05 call 427040 560->562 563 4a0ef7-4a0efb Sleep 560->563 561->562 565 4a0f0a-4a0f0c 562->565 563->562 565->558 566 4a0f0e-4a0f16 GetLastError 565->566 566->558 567 4a0f18-4a0f20 GetLastError 566->567 567->558 568 4a0f22-4a0f24 567->568 568->558 568->559
                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004A0ECC(long __eax, intOrPtr __edx, long _a4, long _a8) {
                                                                                                                                              				intOrPtr _v8;
                                                                                                                                              				long _t5;
                                                                                                                                              				long _t9;
                                                                                                                                              				void* _t10;
                                                                                                                                              				void* _t13;
                                                                                                                                              				void* _t15;
                                                                                                                                              				void* _t16;
                                                                                                                                              
                                                                                                                                              				_t5 = __eax;
                                                                                                                                              				_v8 = __edx;
                                                                                                                                              				_t9 = __eax;
                                                                                                                                              				_t15 = _t10 - 1;
                                                                                                                                              				if(_t15 < 0) {
                                                                                                                                              					L10:
                                                                                                                                              					return _t5;
                                                                                                                                              				}
                                                                                                                                              				_t16 = _t15 + 1;
                                                                                                                                              				_t13 = 0;
                                                                                                                                              				while(1) {
                                                                                                                                              					_t19 = _t13 - 1;
                                                                                                                                              					if(_t13 != 1) {
                                                                                                                                              						__eflags = _t13 - 1;
                                                                                                                                              						if(__eflags > 0) {
                                                                                                                                              							Sleep(_a4);
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						Sleep(_a8);
                                                                                                                                              					}
                                                                                                                                              					_t5 = E00427040(_t9, _v8, _t19); // executed
                                                                                                                                              					if(_t5 != 0) {
                                                                                                                                              						goto L10;
                                                                                                                                              					}
                                                                                                                                              					_t5 = GetLastError();
                                                                                                                                              					if(_t5 == 2) {
                                                                                                                                              						goto L10;
                                                                                                                                              					}
                                                                                                                                              					_t5 = GetLastError();
                                                                                                                                              					if(_t5 == 3) {
                                                                                                                                              						goto L10;
                                                                                                                                              					}
                                                                                                                                              					_t13 = _t13 + 1;
                                                                                                                                              					_t16 = _t16 - 1;
                                                                                                                                              					if(_t16 != 0) {
                                                                                                                                              						continue;
                                                                                                                                              					}
                                                                                                                                              					goto L10;
                                                                                                                                              				}
                                                                                                                                              				goto L10;
                                                                                                                                              			}











                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(?,?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0EEB
                                                                                                                                              • Sleep.KERNEL32(?,?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0EFB
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0F0E
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,0000000D,?,004A84CC,000000FA,00000032,004A8534), ref: 004A0F18
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLastSleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1458359878-0
                                                                                                                                              • Opcode ID: cc2d4a94ccb7c0f067045319ffe32a9e8ea37e82b0256121e0719bcc797ceef4
                                                                                                                                              • Instruction ID: fcbe09275aa41918487a0acd76f4d80e315746382495138c44c41daec09aced7
                                                                                                                                              • Opcode Fuzzy Hash: cc2d4a94ccb7c0f067045319ffe32a9e8ea37e82b0256121e0719bcc797ceef4
                                                                                                                                              • Instruction Fuzzy Hash: A9F02B32B002241B6B30E95E9C4592F628CDAB7378B10052FF545E7302D4BDCC4152E8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                              			E00420060(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v9;
                                                                                                                                              				int _v16;
                                                                                                                                              				void* _v20;
                                                                                                                                              				void* _v24;
                                                                                                                                              				int _v28;
                                                                                                                                              				int _t33;
                                                                                                                                              				int _t43;
                                                                                                                                              				int _t64;
                                                                                                                                              				intOrPtr _t72;
                                                                                                                                              				intOrPtr _t74;
                                                                                                                                              				signed int* _t77;
                                                                                                                                              				signed int* _t79;
                                                                                                                                              				void* _t81;
                                                                                                                                              				void* _t82;
                                                                                                                                              				intOrPtr _t83;
                                                                                                                                              
                                                                                                                                              				_t81 = _t82;
                                                                                                                                              				_t83 = _t82 + 0xffffffe8;
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_t77 = __ecx;
                                                                                                                                              				_t79 = __edx;
                                                                                                                                              				_push(_t81);
                                                                                                                                              				_push(0x420160);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t83;
                                                                                                                                              				_v9 = 0;
                                                                                                                                              				E00407E1C( &_v8, __eax);
                                                                                                                                              				E00407F84( &_v8);
                                                                                                                                              				_t33 = GetFileVersionInfoSizeW(E004084C8(_v8),  &_v16); // executed
                                                                                                                                              				_t64 = _t33;
                                                                                                                                              				if(_t64 == 0) {
                                                                                                                                              					_pop(_t72);
                                                                                                                                              					 *[fs:eax] = _t72;
                                                                                                                                              					_push(0x420167);
                                                                                                                                              					return E004079F4( &_v8);
                                                                                                                                              				} else {
                                                                                                                                              					_v20 = E004053F0(_t64);
                                                                                                                                              					_push(_t81);
                                                                                                                                              					_push(0x420143);
                                                                                                                                              					_push( *[fs:edx]);
                                                                                                                                              					 *[fs:edx] = _t83;
                                                                                                                                              					_t43 = GetFileVersionInfoW(E004084C8(_v8), _v16, _t64, _v20); // executed
                                                                                                                                              					if(_t43 != 0 && VerQueryValueW(_v20, 0x420174,  &_v24,  &_v28) != 0) {
                                                                                                                                              						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
                                                                                                                                              						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
                                                                                                                                              						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
                                                                                                                                              						_v9 = 1;
                                                                                                                                              					}
                                                                                                                                              					_pop(_t74);
                                                                                                                                              					 *[fs:eax] = _t74;
                                                                                                                                              					_push(0x42014a);
                                                                                                                                              					return E0040540C(_v20);
                                                                                                                                              				}
                                                                                                                                              			}




















                                                                                                                                              APIs
                                                                                                                                              • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420160), ref: 004200A5
                                                                                                                                              • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420143,?,00000000,?,00000000,00420160), ref: 004200DE
                                                                                                                                              • VerQueryValueW.VERSION(?,00420174,?,?,00000000,?,00000000,?,00000000,00420143,?,00000000,?,00000000,00420160), ref: 004200F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2179348866-0
                                                                                                                                              • Opcode ID: d183af1ef0636e6162bc8df42a0a4f5a0591cd6bdf26b12374301618c02b16f2
                                                                                                                                              • Instruction ID: 7a7f4719427165232ba07bab02eb7f8b2be03f671c4adb6f55d937d41512f1e4
                                                                                                                                              • Opcode Fuzzy Hash: d183af1ef0636e6162bc8df42a0a4f5a0591cd6bdf26b12374301618c02b16f2
                                                                                                                                              • Instruction Fuzzy Hash: 69312171A042199FDB01DFA9D9419BFB7F8EB48300B9144BAF404E3292DB79DD10D765
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                              			E0040B484(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                                              				intOrPtr _v8;
                                                                                                                                              				signed int _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				char _v24;
                                                                                                                                              				char _v28;
                                                                                                                                              				signed int _t41;
                                                                                                                                              				signed short _t43;
                                                                                                                                              				signed short _t46;
                                                                                                                                              				signed int _t60;
                                                                                                                                              				intOrPtr _t68;
                                                                                                                                              				void* _t79;
                                                                                                                                              				signed int* _t81;
                                                                                                                                              				intOrPtr _t84;
                                                                                                                                              
                                                                                                                                              				_t79 = __edi;
                                                                                                                                              				_t61 = __ecx;
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_push(__esi);
                                                                                                                                              				_t81 = __ecx;
                                                                                                                                              				_v12 = __edx;
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				E00407AD8(_v8);
                                                                                                                                              				E00407AD8(_v12);
                                                                                                                                              				_push(_t84);
                                                                                                                                              				_push(0x40b59b);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t84;
                                                                                                                                              				E004079F4(__ecx);
                                                                                                                                              				if(_v12 == 0) {
                                                                                                                                              					L14:
                                                                                                                                              					_pop(_t68);
                                                                                                                                              					 *[fs:eax] = _t68;
                                                                                                                                              					_push(E0040B5A2);
                                                                                                                                              					return E00407A54( &_v28, 6);
                                                                                                                                              				}
                                                                                                                                              				E00407E1C( &_v20, _v12);
                                                                                                                                              				_t41 = _v12;
                                                                                                                                              				if(_t41 != 0) {
                                                                                                                                              					_t41 =  *(_t41 - 4);
                                                                                                                                              				}
                                                                                                                                              				_t60 = _t41;
                                                                                                                                              				if(_t60 < 1) {
                                                                                                                                              					L7:
                                                                                                                                              					_t43 = E0040B1A8(_v8, _t60, _t61,  &_v16, _t81); // executed
                                                                                                                                              					if(_v16 == 0) {
                                                                                                                                              						L00403730();
                                                                                                                                              						E0040AB58(_t43, _t60,  &_v24, _t79, _t81);
                                                                                                                                              						_t46 = E0040B2D4(_v20, _t60, _t81, _v24, _t79, _t81); // executed
                                                                                                                                              						__eflags =  *_t81;
                                                                                                                                              						if( *_t81 == 0) {
                                                                                                                                              							__eflags =  *0x4afc0c;
                                                                                                                                              							if( *0x4afc0c == 0) {
                                                                                                                                              								L00403738();
                                                                                                                                              								E0040AB58(_t46, _t60,  &_v28, _t79, _t81);
                                                                                                                                              								E0040B2D4(_v20, _t60, _t81, _v28, _t79, _t81);
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						__eflags =  *_t81;
                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                              							E0040B3B8(_v20, _t60, _t81, __eflags); // executed
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						E0040B2D4(_v20, _t60, _t81, _v16, _t79, _t81);
                                                                                                                                              					}
                                                                                                                                              					goto L14;
                                                                                                                                              				}
                                                                                                                                              				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
                                                                                                                                              					_t60 = _t60 - 1;
                                                                                                                                              					__eflags = _t60;
                                                                                                                                              					if(_t60 != 0) {
                                                                                                                                              						continue;
                                                                                                                                              					}
                                                                                                                                              					goto L7;
                                                                                                                                              				}
                                                                                                                                              				_t61 = _t60;
                                                                                                                                              				E0040888C(_v12, _t60, 1,  &_v20);
                                                                                                                                              				goto L7;
                                                                                                                                              			}


















                                                                                                                                              APIs
                                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0040B59B,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B622,00000000,?,00000105), ref: 0040B52F
                                                                                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0040B59B,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B622,00000000,?,00000105), ref: 0040B557
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DefaultLanguage$SystemUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 384301227-0
                                                                                                                                              • Opcode ID: a5df62239bc9b8b5aa42d2ad25163fdcfd826da8443722874e4a27fbb09cfcac
                                                                                                                                              • Instruction ID: 18846fc7009ae5a4e71a55a4188c0930fdf68c345da51b172561767d210bf349
                                                                                                                                              • Opcode Fuzzy Hash: a5df62239bc9b8b5aa42d2ad25163fdcfd826da8443722874e4a27fbb09cfcac
                                                                                                                                              • Instruction Fuzzy Hash: A5310170A10249ABDB10EF95C881AAEB7B5EF44308F5044BBE800B33D1D778AE458B9D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                              			E0040B5A8(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                              				char _v8;
                                                                                                                                              				short _v530;
                                                                                                                                              				char _v536;
                                                                                                                                              				char _v540;
                                                                                                                                              				void* _t44;
                                                                                                                                              				intOrPtr _t45;
                                                                                                                                              				void* _t49;
                                                                                                                                              				void* _t52;
                                                                                                                                              
                                                                                                                                              				_v536 = 0;
                                                                                                                                              				_v540 = 0;
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_t49 = __eax;
                                                                                                                                              				_push(_t52);
                                                                                                                                              				_push(0x40b662);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t52 + 0xfffffde8;
                                                                                                                                              				GetModuleFileNameW(0,  &_v530, 0x105);
                                                                                                                                              				E00408530( &_v536, _t49);
                                                                                                                                              				_push(_v536);
                                                                                                                                              				E0040856C( &_v540, 0x105,  &_v530);
                                                                                                                                              				_pop(_t44); // executed
                                                                                                                                              				E0040B484(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
                                                                                                                                              				if(_v8 != 0) {
                                                                                                                                              					LoadLibraryExW(E004084C8(_v8), 0, 2);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t45);
                                                                                                                                              				 *[fs:eax] = _t45;
                                                                                                                                              				_push(E0040B669);
                                                                                                                                              				E00407A54( &_v540, 2);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B662,?,?,00000000), ref: 0040B5E4
                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B662,?,?,00000000), ref: 0040B635
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileLibraryLoadModuleName
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1159719554-0
                                                                                                                                              • Opcode ID: 71a3d84090ee24f64dbd202d4203489a3ae5a06853d229489dca3004faea58dc
                                                                                                                                              • Instruction ID: b80f15a0147bad070475b0dcf22c8b753a80f6822e4b0def75fc5cb61c98f3c2
                                                                                                                                              • Opcode Fuzzy Hash: 71a3d84090ee24f64dbd202d4203489a3ae5a06853d229489dca3004faea58dc
                                                                                                                                              • Instruction Fuzzy Hash: AC118270A4421CABDB14EB60CD86BDE77B8DB04704F5144BAF408B32D1DB785F848A99
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                              			E00427040(void* __eax, void* __edx, void* __eflags) {
                                                                                                                                              				int _v8;
                                                                                                                                              				char _v16;
                                                                                                                                              				long _v20;
                                                                                                                                              				int _t13;
                                                                                                                                              				intOrPtr _t27;
                                                                                                                                              				void* _t32;
                                                                                                                                              				void* _t34;
                                                                                                                                              				intOrPtr _t35;
                                                                                                                                              
                                                                                                                                              				_t32 = _t34;
                                                                                                                                              				_t35 = _t34 + 0xfffffff0;
                                                                                                                                              				if(E00426FF4(__eax,  &_v16) != 0) {
                                                                                                                                              					_push(_t32);
                                                                                                                                              					_push(0x42709d);
                                                                                                                                              					_push( *[fs:eax]);
                                                                                                                                              					 *[fs:eax] = _t35;
                                                                                                                                              					_t13 = DeleteFileW(E004084C8(__edx)); // executed
                                                                                                                                              					_v8 = _t13;
                                                                                                                                              					_v20 = GetLastError();
                                                                                                                                              					_pop(_t27);
                                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                                              					_push(E004270A4);
                                                                                                                                              					return E00427030( &_v16);
                                                                                                                                              				} else {
                                                                                                                                              					_v8 = 0;
                                                                                                                                              					return _v8;
                                                                                                                                              				}
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,0042709D,?,0000000D,00000000), ref: 00427077
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0042709D,?,0000000D,00000000), ref: 0042707F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2018770650-0
                                                                                                                                              • Opcode ID: a0fbf55be5ffcd09f305ae54ec4c1657f6674b1495f27545fe34e85a0120edfe
                                                                                                                                              • Instruction ID: 9cbfc24df38639fe3e45efe1b64bd3214acbd9b2112ca2de374008e0d0b065ce
                                                                                                                                              • Opcode Fuzzy Hash: a0fbf55be5ffcd09f305ae54ec4c1657f6674b1495f27545fe34e85a0120edfe
                                                                                                                                              • Instruction Fuzzy Hash: 54F0C831B08318ABDB00DB7AAC4189DB7E8DB49714B9149BBF814E3241EA785D144698
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                              			E00421124(void* __eax, void* __ebx, int __edx) {
                                                                                                                                              				struct HINSTANCE__* _v12;
                                                                                                                                              				int _v16;
                                                                                                                                              				int _t4;
                                                                                                                                              				struct HINSTANCE__* _t9;
                                                                                                                                              				void* _t12;
                                                                                                                                              				intOrPtr _t16;
                                                                                                                                              				void* _t18;
                                                                                                                                              				void* _t19;
                                                                                                                                              				intOrPtr _t20;
                                                                                                                                              
                                                                                                                                              				_t18 = _t19;
                                                                                                                                              				_t20 = _t19 + 0xfffffff4;
                                                                                                                                              				_t12 = __eax;
                                                                                                                                              				_t4 = SetErrorMode(__edx); // executed
                                                                                                                                              				_v16 = _t4;
                                                                                                                                              				_push(_t18);
                                                                                                                                              				_push(0x421196);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                                              				asm("fnstcw word [ebp-0x2]");
                                                                                                                                              				_push(_t18);
                                                                                                                                              				_push(0x421178);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                                              				_t9 = LoadLibraryW(E004084C8(_t12)); // executed
                                                                                                                                              				_v12 = _t9;
                                                                                                                                              				_pop(_t16);
                                                                                                                                              				 *[fs:eax] = _t16;
                                                                                                                                              				_push(0x42117f);
                                                                                                                                              				asm("fclex");
                                                                                                                                              				asm("fldcw word [ebp-0x2]");
                                                                                                                                              				return 0;
                                                                                                                                              			}













                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32 ref: 0042112E
                                                                                                                                              • LoadLibraryW.KERNEL32(00000000,00000000,00421178,?,00000000,00421196), ref: 0042115D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLibraryLoadMode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2987862817-0
                                                                                                                                              • Opcode ID: 58c8085b5dd36ac0ba48c9e98c217b3e8311cd8d6350e3969bf77500e8c19a68
                                                                                                                                              • Instruction ID: 6692b858657e05fdd79fffc9be95ae21615ec1a40954b736760fd61b652abef3
                                                                                                                                              • Opcode Fuzzy Hash: 58c8085b5dd36ac0ba48c9e98c217b3e8311cd8d6350e3969bf77500e8c19a68
                                                                                                                                              • Instruction Fuzzy Hash: 05F08270A14744BEDB125F769C5283BBAACE71DB047924CB6F910A26D1E63D4820C568
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004052D4() {
                                                                                                                                              				intOrPtr _t13;
                                                                                                                                              				intOrPtr* _t14;
                                                                                                                                              				int _t18;
                                                                                                                                              				intOrPtr* _t23;
                                                                                                                                              				void* _t25;
                                                                                                                                              				void* _t26;
                                                                                                                                              				void* _t28;
                                                                                                                                              				void* _t31;
                                                                                                                                              
                                                                                                                                              				_t28 =  *0x004ADADC;
                                                                                                                                              				while(_t28 != 0x4adad8) {
                                                                                                                                              					_t2 = _t28 + 4; // 0x4adad8
                                                                                                                                              					VirtualFree(_t28, 0, 0x8000); // executed
                                                                                                                                              					_t28 =  *_t2;
                                                                                                                                              				}
                                                                                                                                              				_t25 = 0x37;
                                                                                                                                              				_t13 = 0x4a9080;
                                                                                                                                              				do {
                                                                                                                                              					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
                                                                                                                                              					 *((intOrPtr*)(_t13 + 8)) = _t13;
                                                                                                                                              					 *((intOrPtr*)(_t13 + 0x10)) = 1;
                                                                                                                                              					 *((intOrPtr*)(_t13 + 0x14)) = 0;
                                                                                                                                              					_t13 = _t13 + 0x20;
                                                                                                                                              					_t25 = _t25 - 1;
                                                                                                                                              				} while (_t25 != 0);
                                                                                                                                              				 *0x4adad8 = 0x4adad8;
                                                                                                                                              				 *0x004ADADC = 0x4adad8;
                                                                                                                                              				_t26 = 0x400;
                                                                                                                                              				_t23 = 0x4adb78;
                                                                                                                                              				do {
                                                                                                                                              					_t14 = _t23;
                                                                                                                                              					 *_t14 = _t14;
                                                                                                                                              					_t8 = _t14 + 4; // 0x4adb78
                                                                                                                                              					 *_t8 = _t14;
                                                                                                                                              					_t23 = _t23 + 8;
                                                                                                                                              					_t26 = _t26 - 1;
                                                                                                                                              				} while (_t26 != 0);
                                                                                                                                              				 *0x4adaf4 = 0;
                                                                                                                                              				E00405864(0x4adaf8, 0x80);
                                                                                                                                              				_t18 = 0;
                                                                                                                                              				 *0x4adaf0 = 0;
                                                                                                                                              				_t31 =  *0x004AFB80;
                                                                                                                                              				while(_t31 != 0x4afb7c) {
                                                                                                                                              					_t10 = _t31 + 4; // 0x4afb7c
                                                                                                                                              					_t18 = VirtualFree(_t31, 0, 0x8000);
                                                                                                                                              					_t31 =  *_t10;
                                                                                                                                              				}
                                                                                                                                              				 *0x4afb7c = 0x4afb7c;
                                                                                                                                              				 *0x004AFB80 = 0x4afb7c;
                                                                                                                                              				return _t18;
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                              • VirtualFree.KERNEL32(004ADAD8,00000000,00008000,?,?,?,?,004053D4,0040CEB2,00000000,0040CED0), ref: 004052F2
                                                                                                                                              • VirtualFree.KERNEL32(004AFB7C,00000000,00008000,004ADAD8,00000000,00008000,?,?,?,?,004053D4,0040CEB2,00000000,0040CED0), ref: 0040536E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                              • Opcode ID: aca56245cc52c82a7b3f341d1c8cf7e92a798c0e1fefa8615c437f19d7d6098e
                                                                                                                                              • Instruction ID: f25e8dfbfec68b3d20904660ccd9f243b5161469b6c6478f3192385b195fbe5f
                                                                                                                                              • Opcode Fuzzy Hash: aca56245cc52c82a7b3f341d1c8cf7e92a798c0e1fefa8615c437f19d7d6098e
                                                                                                                                              • Instruction Fuzzy Hash: BE1160B1A056008BC7689F199840B17BBE4EB89754F15C0BFE54AEB791D778AC01CF9C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004231E0(long __eax, void* __edx) {
                                                                                                                                              				short _v2052;
                                                                                                                                              				signed int _t7;
                                                                                                                                              				void* _t10;
                                                                                                                                              				signed int _t16;
                                                                                                                                              				void* _t17;
                                                                                                                                              
                                                                                                                                              				_t10 = __edx;
                                                                                                                                              				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
                                                                                                                                              				while(_t7 > 0) {
                                                                                                                                              					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
                                                                                                                                              					if(_t16 <= 0x20) {
                                                                                                                                              						L1:
                                                                                                                                              						_t7 = _t7 - 1;
                                                                                                                                              						__eflags = _t7;
                                                                                                                                              						continue;
                                                                                                                                              					} else {
                                                                                                                                              						_t20 = _t16 - 0x2e;
                                                                                                                                              						if(_t16 == 0x2e) {
                                                                                                                                              							goto L1;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					break;
                                                                                                                                              				}
                                                                                                                                              				return E00407B7C(_t10, _t7, _t17, _t20);
                                                                                                                                              			}









                                                                                                                                              APIs
                                                                                                                                              • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423B12,00000000,00423B63,?,00423D1C), ref: 004231FF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FormatMessage
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1306739567-0
                                                                                                                                              • Opcode ID: 8a8ded29896a6a3d6e4ee71bfed8fc8627356091e34a13b4e2479e8e8f3ea2c7
                                                                                                                                              • Instruction ID: 3693045bc5da979ae713bd01a88bcb338427aee45f74c8d87c3cec6a1377aca4
                                                                                                                                              • Opcode Fuzzy Hash: 8a8ded29896a6a3d6e4ee71bfed8fc8627356091e34a13b4e2479e8e8f3ea2c7
                                                                                                                                              • Instruction Fuzzy Hash: 6CE0D86079833162E32416495C03B77241AD7D0B02FE4443AB6509E3D6D6BDA959917E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 31%
                                                                                                                                              			E0042290C(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                                              				char _v8;
                                                                                                                                              				intOrPtr _t21;
                                                                                                                                              				intOrPtr _t24;
                                                                                                                                              
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(_t24);
                                                                                                                                              				_push(0x422952);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                                              				E004228A0(__eax, __ecx,  &_v8, __eflags);
                                                                                                                                              				GetFileAttributesW(E004084C8(_v8)); // executed
                                                                                                                                              				_pop(_t21);
                                                                                                                                              				 *[fs:eax] = _t21;
                                                                                                                                              				_push(E00422959);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,00422952,?,?,00000000,?,00422965,00422CD6,00000000,00422D1B,?,?,00000000,00000000), ref: 00422935
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              • Opcode ID: 9695cc5852d01956a8356376f89e56037d2dc4f0e8c31fee9d54d063763669a7
                                                                                                                                              • Instruction ID: adf724cbc0e9ec99664fb7122883241a88969a7a5422e81553629d77d99d79d0
                                                                                                                                              • Opcode Fuzzy Hash: 9695cc5852d01956a8356376f89e56037d2dc4f0e8c31fee9d54d063763669a7
                                                                                                                                              • Instruction Fuzzy Hash: B1E09271704304BFE711EA72DD52A1AB7ACE788704FE1487AF500E3681EABCAE149558
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0040A31C(void* __eax) {
                                                                                                                                              				short _v532;
                                                                                                                                              				void* __ebx;
                                                                                                                                              				void* __esi;
                                                                                                                                              				intOrPtr _t14;
                                                                                                                                              				void* _t16;
                                                                                                                                              				void* _t18;
                                                                                                                                              				void* _t19;
                                                                                                                                              				intOrPtr _t20;
                                                                                                                                              				void* _t21;
                                                                                                                                              
                                                                                                                                              				_t16 = __eax;
                                                                                                                                              				_t22 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                                              				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                                                              					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
                                                                                                                                              					_t14 = E0040B5A8(_t21, _t16, _t18, _t19, _t22); // executed
                                                                                                                                              					_t20 = _t14;
                                                                                                                                              					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
                                                                                                                                              					if(_t20 == 0) {
                                                                                                                                              						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				return  *((intOrPtr*)(_t16 + 0x10));
                                                                                                                                              			}













                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040A33A
                                                                                                                                                • Part of subcall function 0040B5A8: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B662,?,?,00000000), ref: 0040B5E4
                                                                                                                                                • Part of subcall function 0040B5A8: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B662,?,?,00000000), ref: 0040B635
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName$LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4113206344-0
                                                                                                                                              • Opcode ID: 7766ab1267648783c04a200b04eef592fad2a77fbeaae978ffe5e046441881e1
                                                                                                                                              • Instruction ID: 6edb2253a7495ed0a954c92edacff3916eacbd1be06b1290003ff9fd73c136a7
                                                                                                                                              • Opcode Fuzzy Hash: 7766ab1267648783c04a200b04eef592fad2a77fbeaae978ffe5e046441881e1
                                                                                                                                              • Instruction Fuzzy Hash: 87E0ED71A013109FCB10DE6CC8C5A5B77D8AB08758F0449A6AD68EF386D375DD2487D5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00423C9C(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
                                                                                                                                              				void* _t17;
                                                                                                                                              
                                                                                                                                              				_t17 = CreateFileW(E004084C8(__edx),  *(0x4ab2e0 + (_a8 & 0x000000ff) * 4),  *(0x4ab2ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4ab2fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
                                                                                                                                              				return _t17;
                                                                                                                                              			}





                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423CD9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: cd066e086ef1ed4415b0417d4103bee30a162689a27a68c38112519e4c91ff9d
                                                                                                                                              • Instruction ID: 1c9d4f23c8aa800b19e68a1bac3b745927229ba282ea9ea95d81522d104b03bb
                                                                                                                                              • Opcode Fuzzy Hash: cd066e086ef1ed4415b0417d4103bee30a162689a27a68c38112519e4c91ff9d
                                                                                                                                              • Instruction Fuzzy Hash: 77E012622442282AD240969E7C51F667F9CD75A755F404063F984D72C2C5659A1086E8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00423DCC(intOrPtr* __eax) {
                                                                                                                                              				int _t4;
                                                                                                                                              				intOrPtr* _t7;
                                                                                                                                              
                                                                                                                                              				_t7 = __eax;
                                                                                                                                              				_t4 = SetEndOfFile( *(__eax + 4)); // executed
                                                                                                                                              				if(_t4 == 0) {
                                                                                                                                              					return E00423BA0( *_t7);
                                                                                                                                              				}
                                                                                                                                              				return _t4;
                                                                                                                                              			}






                                                                                                                                              APIs
                                                                                                                                              • SetEndOfFile.KERNEL32(?,7FC20010,004A833A,00000000), ref: 00423DD3
                                                                                                                                                • Part of subcall function 00423BA0: GetLastError.KERNEL32(004236F0,00423C43,?,?,00000000,?,004A7F5A,00000001,00000000,00000002,00000000,004A857E,?,00000000,004A85C2), ref: 00423BA3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 734332943-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0040CDE0() {
                                                                                                                                              				intOrPtr _v16;
                                                                                                                                              				struct _SYSTEM_INFO* _t3;
                                                                                                                                              
                                                                                                                                              				GetSystemInfo(_t3); // executed
                                                                                                                                              				return _v16;
                                                                                                                                              			}






                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00403BCC(signed int __eax) {
                                                                                                                                              				void* _t4;
                                                                                                                                              				intOrPtr _t7;
                                                                                                                                              				signed int _t8;
                                                                                                                                              				void** _t10;
                                                                                                                                              				void* _t12;
                                                                                                                                              				void* _t14;
                                                                                                                                              
                                                                                                                                              				_t8 = __eax;
                                                                                                                                              				E00403B60(__eax);
                                                                                                                                              				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
                                                                                                                                              				if(_t4 == 0) {
                                                                                                                                              					 *0x4adaf0 = 0;
                                                                                                                                              					return 0;
                                                                                                                                              				} else {
                                                                                                                                              					_t10 =  *0x4adadc; // 0x4adad8
                                                                                                                                              					_t14 = _t4;
                                                                                                                                              					 *_t14 = 0x4adad8;
                                                                                                                                              					 *0x4adadc = _t4;
                                                                                                                                              					 *(_t14 + 4) = _t10;
                                                                                                                                              					 *_t10 = _t4;
                                                                                                                                              					_t12 = _t14 + 0x13fff0;
                                                                                                                                              					 *((intOrPtr*)(_t12 - 4)) = 2;
                                                                                                                                              					 *0x4adaf0 = 0x13ffe0 - _t8;
                                                                                                                                              					_t7 = _t12 - _t8;
                                                                                                                                              					 *0x4adaec = _t7;
                                                                                                                                              					 *(_t7 - 4) = _t8 | 0x00000002;
                                                                                                                                              					return _t7;
                                                                                                                                              				}
                                                                                                                                              			}










                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BF5B,00000000,0040C469,00000000,0040C72B,00000000), ref: 00403BE3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                              			E00403CF6(void* __eax) {
                                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                                              				void* _v48;
                                                                                                                                              				void* _t13;
                                                                                                                                              				int _t20;
                                                                                                                                              				void* _t22;
                                                                                                                                              				signed int _t26;
                                                                                                                                              				signed int _t29;
                                                                                                                                              				signed int _t30;
                                                                                                                                              				void* _t34;
                                                                                                                                              				intOrPtr _t35;
                                                                                                                                              				signed int _t39;
                                                                                                                                              				void* _t41;
                                                                                                                                              				void* _t42;
                                                                                                                                              
                                                                                                                                              				_push(_t29);
                                                                                                                                              				_t42 = _t41 + 0xffffffdc;
                                                                                                                                              				_t34 = __eax - 0x10;
                                                                                                                                              				E00403C48();
                                                                                                                                              				_t13 = _t34;
                                                                                                                                              				 *_t42 =  *_t13;
                                                                                                                                              				_v48 =  *((intOrPtr*)(_t13 + 4));
                                                                                                                                              				_t26 =  *(_t13 + 0xc);
                                                                                                                                              				if((_t26 & 0x00000008) != 0) {
                                                                                                                                              					_t22 = _t34;
                                                                                                                                              					_t39 = _t26 & 0xfffffff0;
                                                                                                                                              					_t30 = 0;
                                                                                                                                              					while(1) {
                                                                                                                                              						VirtualQuery(_t22,  &_v44, 0x1c);
                                                                                                                                              						if(VirtualFree(_t22, 0, 0x8000) == 0) {
                                                                                                                                              							break;
                                                                                                                                              						}
                                                                                                                                              						_t35 = _v44.RegionSize;
                                                                                                                                              						if(_t39 > _t35) {
                                                                                                                                              							_t39 = _t39 - _t35;
                                                                                                                                              							_t22 = _t22 + _t35;
                                                                                                                                              							continue;
                                                                                                                                              						}
                                                                                                                                              						goto L10;
                                                                                                                                              					}
                                                                                                                                              					_t30 = _t30 | 0xffffffff;
                                                                                                                                              				} else {
                                                                                                                                              					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
                                                                                                                                              					if(_t20 == 0) {
                                                                                                                                              						_t30 = _t29 | 0xffffffff;
                                                                                                                                              					} else {
                                                                                                                                              						_t30 = 0;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				L10:
                                                                                                                                              				if(_t30 == 0) {
                                                                                                                                              					 *_v48 =  *_t42;
                                                                                                                                              					 *( *_t42 + 4) = _v48;
                                                                                                                                              				}
                                                                                                                                              				 *0x4afb78 = 0;
                                                                                                                                              				return _t30;
                                                                                                                                              			}


                                                                                                                                              APIs
                                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
                                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Free$Query
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 778034434-0
                                                                                                                                              • Opcode ID: b0456c6339b53605163a229e0112fb3a82e8289d127bf0df54443eeb5f5b923e
                                                                                                                                              • Instruction ID: ad0733c8d53d3b26cd92df12ea1f8837c747f7844e5edc0d0b0e07a6a81a6a36
                                                                                                                                              • Opcode Fuzzy Hash: b0456c6339b53605163a229e0112fb3a82e8289d127bf0df54443eeb5f5b923e
                                                                                                                                              • Instruction Fuzzy Hash: 36F06D35304A005FD311DF1AC844B17BBE9EFC5711F15C57AE888973A1D635DD018796
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                              			E0040AC9C(short* __eax, intOrPtr __edx) {
                                                                                                                                              				short* _v8;
                                                                                                                                              				intOrPtr _v12;
                                                                                                                                              				intOrPtr _v16;
                                                                                                                                              				void* _v20;
                                                                                                                                              				struct _WIN32_FIND_DATAW _v612;
                                                                                                                                              				short _v1134;
                                                                                                                                              				signed int _t50;
                                                                                                                                              				signed int _t51;
                                                                                                                                              				void* _t55;
                                                                                                                                              				signed int _t88;
                                                                                                                                              				signed int _t89;
                                                                                                                                              				intOrPtr* _t90;
                                                                                                                                              				signed int _t101;
                                                                                                                                              				signed int _t102;
                                                                                                                                              				short* _t112;
                                                                                                                                              				struct HINSTANCE__* _t113;
                                                                                                                                              				short* _t115;
                                                                                                                                              				short* _t116;
                                                                                                                                              				void* _t117;
                                                                                                                                              
                                                                                                                                              				_v12 = __edx;
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				_v16 = _v8;
                                                                                                                                              				_t113 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                              				if(_t113 == 0) {
                                                                                                                                              					L4:
                                                                                                                                              					if( *_v8 != 0x5c) {
                                                                                                                                              						_t115 = _v8 + 4;
                                                                                                                                              						goto L10;
                                                                                                                                              					} else {
                                                                                                                                              						if( *((short*)(_v8 + 2)) == 0x5c) {
                                                                                                                                              							_t116 = E0040AC78(_v8 + 4);
                                                                                                                                              							if( *_t116 != 0) {
                                                                                                                                              								_t14 = _t116 + 2; // 0x2
                                                                                                                                              								_t115 = E0040AC78(_t14);
                                                                                                                                              								if( *_t115 != 0) {
                                                                                                                                              									L10:
                                                                                                                                              									_t88 = _t115 - _v8;
                                                                                                                                              									_t89 = _t88 >> 1;
                                                                                                                                              									if(_t88 < 0) {
                                                                                                                                              										asm("adc ebx, 0x0");
                                                                                                                                              									}
                                                                                                                                              									_t43 = _t89 + 1;
                                                                                                                                              									if(_t89 + 1 <= 0x105) {
                                                                                                                                              										E0040A6C0( &_v1134, _v8, _t43);
                                                                                                                                              										while( *_t115 != 0) {
                                                                                                                                              											_t112 = E0040AC78(_t115 + 2);
                                                                                                                                              											_t50 = _t112 - _t115;
                                                                                                                                              											_t51 = _t50 >> 1;
                                                                                                                                              											if(_t50 < 0) {
                                                                                                                                              												asm("adc eax, 0x0");
                                                                                                                                              											}
                                                                                                                                              											if(_t51 + _t89 + 1 <= 0x105) {
                                                                                                                                              												_t55 =  &_v1134 + _t89 + _t89;
                                                                                                                                              												_t101 = _t112 - _t115;
                                                                                                                                              												_t102 = _t101 >> 1;
                                                                                                                                              												if(_t101 < 0) {
                                                                                                                                              													asm("adc edx, 0x0");
                                                                                                                                              												}
                                                                                                                                              												E0040A6C0(_t55, _t115, _t102 + 1);
                                                                                                                                              												_v20 = FindFirstFileW( &_v1134,  &_v612);
                                                                                                                                              												if(_v20 != 0xffffffff) {
                                                                                                                                              													FindClose(_v20);
                                                                                                                                              													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
                                                                                                                                              														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
                                                                                                                                              														E0040A6C0( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
                                                                                                                                              														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
                                                                                                                                              														_t115 = _t112;
                                                                                                                                              														continue;
                                                                                                                                              													}
                                                                                                                                              												}
                                                                                                                                              											}
                                                                                                                                              											goto L24;
                                                                                                                                              										}
                                                                                                                                              										E0040A6C0(_v8,  &_v1134, _v12);
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
                                                                                                                                              					if(_t90 == 0) {
                                                                                                                                              						goto L4;
                                                                                                                                              					} else {
                                                                                                                                              						_push(0x105);
                                                                                                                                              						_push( &_v1134);
                                                                                                                                              						_push(_v8);
                                                                                                                                              						if( *_t90() == 0) {
                                                                                                                                              							goto L4;
                                                                                                                                              						} else {
                                                                                                                                              							E0040A6C0(_v8,  &_v1134, _v12);
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				L24:
                                                                                                                                              				return _v16;
                                                                                                                                              			}

                                                                                                                                              0x0040adb1
                                                                                                                                              0x0040adb1
                                                                                                                                              0x0040adb7
                                                                                                                                              0x0040adcf
                                                                                                                                              0x0040add6
                                                                                                                                              0x0040addc
                                                                                                                                              0x0040adf8
                                                                                                                                              0x0040adfa
                                                                                                                                              0x0040ae21
                                                                                                                                              0x0040ae33
                                                                                                                                              0x0040ae35
                                                                                                                                              0x00000000
                                                                                                                                              0x0040ae35
                                                                                                                                              0x0040adf8
                                                                                                                                              0x0040add6
                                                                                                                                              0x00000000
                                                                                                                                              0x0040ad97
                                                                                                                                              0x0040ae4d
                                                                                                                                              0x0040ae4d
                                                                                                                                              0x0040ad5f
                                                                                                                                              0x0040ad3d
                                                                                                                                              0x0040ad29
                                                                                                                                              0x0040ad12
                                                                                                                                              0x0040acc4
                                                                                                                                              0x0040accf
                                                                                                                                              0x0040acd3
                                                                                                                                              0x00000000
                                                                                                                                              0x0040acd5
                                                                                                                                              0x0040acd5
                                                                                                                                              0x0040ace0
                                                                                                                                              0x0040ace4
                                                                                                                                              0x0040ace9
                                                                                                                                              0x00000000
                                                                                                                                              0x0040aceb
                                                                                                                                              0x0040acf7
                                                                                                                                              0x0040acf7
                                                                                                                                              0x0040ace9
                                                                                                                                              0x0040acd3
                                                                                                                                              0x0040ae52
                                                                                                                                              0x0040ae5b

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,004163D0,?,?), ref: 0040ACB9
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040ACCA
                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,004163D0,?,?), ref: 0040ADCA
                                                                                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,004163D0,?,?), ref: 0040ADDC
                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004163D0,?,?), ref: 0040ADE8
                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004163D0,?,?), ref: 0040AE2D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                              • API String ID: 1930782624-3908791685
                                                                                                                                              • Opcode ID: c23059803d50ffbb69bc2ce4a2bd9c62d9d22e9847f338aa71202613e6372609
                                                                                                                                              • Instruction ID: 41d01645e24d257238dd5067bd4c9414aa615acd03712fd1fd4c25b28ebdd489
                                                                                                                                              • Opcode Fuzzy Hash: c23059803d50ffbb69bc2ce4a2bd9c62d9d22e9847f338aa71202613e6372609
                                                                                                                                              • Instruction Fuzzy Hash: 7941A331A007189BCB10EFA4CC85ADEB3B5AF44310F1885B69544F73D1E7799E518B8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                              			E004A0E28() {
                                                                                                                                              				int _v4;
                                                                                                                                              				struct _TOKEN_PRIVILEGES _v16;
                                                                                                                                              				void* _v20;
                                                                                                                                              				int _t7;
                                                                                                                                              
                                                                                                                                              				if(E0042004C() != 2) {
                                                                                                                                              					L5:
                                                                                                                                              					_t7 = ExitWindowsEx(2, 0);
                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                              					return _t7 + 1;
                                                                                                                                              				}
                                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
                                                                                                                                              					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
                                                                                                                                              					_v16.PrivilegeCount = 1;
                                                                                                                                              					_v4 = 2;
                                                                                                                                              					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
                                                                                                                                              					if(GetLastError() == 0) {
                                                                                                                                              						goto L5;
                                                                                                                                              					}
                                                                                                                                              					return 0;
                                                                                                                                              				}
                                                                                                                                              				return 0;
                                                                                                                                              			}








                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028), ref: 004A0E38
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004A0E3E
                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004A0E57
                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004A0E7E
                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004A0E83
                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 004A0E94
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                              • API String ID: 107509674-3733053543
                                                                                                                                              • Opcode ID: fe1b067eca73296cefec74aef68d5e38e82838797bed51e4050b4c645f3bddb9
                                                                                                                                              • Instruction ID: de75dd4a19c05497f4e369505de79ffe978a6723dd01d742fb3c8f7576f479cb
                                                                                                                                              • Opcode Fuzzy Hash: fe1b067eca73296cefec74aef68d5e38e82838797bed51e4050b4c645f3bddb9
                                                                                                                                              • Instruction Fuzzy Hash: 8AF06D7068430179F720A6B28C07F2B61C89B56B48F900C2AFA85EA1C2E7BDD414526F
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004A1700() {
                                                                                                                                              				struct HRSRC__* _t10;
                                                                                                                                              				void* _t11;
                                                                                                                                              				void* _t12;
                                                                                                                                              
                                                                                                                                              				_t10 = FindResourceW(0, 0x2b67, 0xa);
                                                                                                                                              				if(_t10 == 0) {
                                                                                                                                              					E004A1544();
                                                                                                                                              				}
                                                                                                                                              				if(SizeofResource(0, _t10) != 0x2c) {
                                                                                                                                              					E004A1544();
                                                                                                                                              				}
                                                                                                                                              				_t11 = LoadResource(0, _t10);
                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                              					E004A1544();
                                                                                                                                              				}
                                                                                                                                              				_t12 = LockResource(_t11);
                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                              					E004A1544();
                                                                                                                                              				}
                                                                                                                                              				return _t12;
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004A7F72,00000000,004A852A,?,00000001,00000000,00000002,00000000,004A857E,?,00000000,004A85C2), ref: 004A170A
                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004A7F72,00000000,004A852A,?,00000001,00000000,00000002,00000000,004A857E), ref: 004A171D
                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004A7F72,00000000,004A852A,?,00000001,00000000,00000002,00000000), ref: 004A172F
                                                                                                                                              • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004A7F72,00000000,004A852A,?,00000001,00000000,00000002), ref: 004A1740
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3473537107-0
                                                                                                                                              • Opcode ID: 0e167eaf222881e49b93fd61e2515b39df1dd1f3b826912796eb5bb1c6379618
                                                                                                                                              • Instruction ID: d09968d54a12af4fb9a7ffdc410a445be0be65e0f1a53bf5b11a7e4f68c05b11
                                                                                                                                              • Opcode Fuzzy Hash: 0e167eaf222881e49b93fd61e2515b39df1dd1f3b826912796eb5bb1c6379618
                                                                                                                                              • Instruction Fuzzy Hash: 2AE09284B8575635FA643AF71CC7B6E00094B7778DF40183BF606692E2EDACCC14122E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                              			E0040A840(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                              				intOrPtr _v12;
                                                                                                                                              				short _v182;
                                                                                                                                              				short _v352;
                                                                                                                                              				char _v356;
                                                                                                                                              				char _v360;
                                                                                                                                              				char _v364;
                                                                                                                                              				int _t58;
                                                                                                                                              				signed int _t61;
                                                                                                                                              				intOrPtr _t70;
                                                                                                                                              				signed short _t80;
                                                                                                                                              				void* _t83;
                                                                                                                                              				void* _t85;
                                                                                                                                              				void* _t86;
                                                                                                                                              
                                                                                                                                              				_t77 = __edi;
                                                                                                                                              				_push(__edi);
                                                                                                                                              				_v356 = 0;
                                                                                                                                              				_v360 = 0;
                                                                                                                                              				_v364 = 0;
                                                                                                                                              				_v8 = __edx;
                                                                                                                                              				_t80 = __eax;
                                                                                                                                              				_push(_t83);
                                                                                                                                              				_push(0x40a9a5);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t83 + 0xfffffe98;
                                                                                                                                              				E004079F4(_v8);
                                                                                                                                              				_t85 = _t80 -  *0x4a9a08; // 0x404
                                                                                                                                              				if(_t85 >= 0) {
                                                                                                                                              					_t86 = _t80 -  *0x4a9c08; // 0x7c68
                                                                                                                                              					if(_t86 <= 0) {
                                                                                                                                              						_t77 = 0x40;
                                                                                                                                              						_v12 = 0;
                                                                                                                                              						if(0x40 >= _v12) {
                                                                                                                                              							do {
                                                                                                                                              								_t61 = _t77 + _v12 >> 1;
                                                                                                                                              								if(_t80 >=  *((intOrPtr*)(0x4a9a08 + _t61 * 8))) {
                                                                                                                                              									__eflags = _t80 -  *((intOrPtr*)(0x4a9a08 + _t61 * 8));
                                                                                                                                              									if(__eflags <= 0) {
                                                                                                                                              										E0040A760( *((intOrPtr*)(0x4a9a0c + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
                                                                                                                                              									} else {
                                                                                                                                              										_v12 = _t61 + 1;
                                                                                                                                              										goto L8;
                                                                                                                                              									}
                                                                                                                                              								} else {
                                                                                                                                              									_t77 = _t61 - 1;
                                                                                                                                              									goto L8;
                                                                                                                                              								}
                                                                                                                                              								goto L9;
                                                                                                                                              								L8:
                                                                                                                                              							} while (_t77 >= _v12);
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				L9:
                                                                                                                                              				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
                                                                                                                                              					_t58 = _t80 & 0x0000ffff;
                                                                                                                                              					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
                                                                                                                                              					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
                                                                                                                                              					E0040856C( &_v356, 0x55,  &_v182);
                                                                                                                                              					_push(_v356);
                                                                                                                                              					_push(0x40a9c0);
                                                                                                                                              					E0040856C( &_v360, 0x55,  &_v352);
                                                                                                                                              					_push(_v360);
                                                                                                                                              					_push(E0040A9D0);
                                                                                                                                              					E0040856C( &_v364, 0x55,  &_v182);
                                                                                                                                              					_push(_v364);
                                                                                                                                              					E004087A4(_v8, _t58, 5, _t77, _t80);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t70);
                                                                                                                                              				 *[fs:eax] = _t70;
                                                                                                                                              				_push(E0040A9AC);
                                                                                                                                              				return E00407A54( &_v364, 3);
                                                                                                                                              			}


















                                                                                                                                              APIs
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000002,00000000,0040A9A5,?,004163D0,?,00000000), ref: 0040A8EA
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040A9A5,?,004163D0,?,00000000), ref: 0040A906
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040A9A5,?,004163D0,?,00000000), ref: 0040A917
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$Info$Valid
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1826331170-0
                                                                                                                                              • Opcode ID: 64b235b34ad3b405be668a38bbcf0c4c9e16d70e7dca781f39a661cc6ac02bf3
                                                                                                                                              • Instruction ID: a21452d7453331bea184a1c788462f810345500a03990f2c05a1053d145e59cd
                                                                                                                                              • Opcode Fuzzy Hash: 64b235b34ad3b405be668a38bbcf0c4c9e16d70e7dca781f39a661cc6ac02bf3
                                                                                                                                              • Instruction Fuzzy Hash: 53319EB1A00708AAEB20EB55CC81BEF7BB9EB45701F1044BBA104B72D0D7395E91DF1A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0041A5FC(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                                              				long _v8;
                                                                                                                                              				long _v12;
                                                                                                                                              				long _v16;
                                                                                                                                              				long _v20;
                                                                                                                                              				intOrPtr _v24;
                                                                                                                                              				signed int _v28;
                                                                                                                                              				WCHAR* _t25;
                                                                                                                                              				int _t26;
                                                                                                                                              				intOrPtr _t31;
                                                                                                                                              				intOrPtr _t34;
                                                                                                                                              				intOrPtr* _t37;
                                                                                                                                              				intOrPtr* _t38;
                                                                                                                                              				intOrPtr _t46;
                                                                                                                                              				intOrPtr _t48;
                                                                                                                                              
                                                                                                                                              				_t25 = _a4;
                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                              					_t25 = 0;
                                                                                                                                              				}
                                                                                                                                              				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                                                                                                              				_v28 = _v8 * _v12;
                                                                                                                                              				_v24 = 0;
                                                                                                                                              				_t46 = _v24;
                                                                                                                                              				_t31 = E004098FC(_v28, _t46, _v16, 0);
                                                                                                                                              				_t37 = _a8;
                                                                                                                                              				 *_t37 = _t31;
                                                                                                                                              				 *((intOrPtr*)(_t37 + 4)) = _t46;
                                                                                                                                              				_t48 = _v24;
                                                                                                                                              				_t34 = E004098FC(_v28, _t48, _v20, 0);
                                                                                                                                              				_t38 = _a12;
                                                                                                                                              				 *_t38 = _t34;
                                                                                                                                              				 *((intOrPtr*)(_t38 + 4)) = _t48;
                                                                                                                                              				return _t26;
                                                                                                                                              			}

                                                                                                                                              APIs
                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 0041A61D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DiskFreeSpace
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1705453755-0
                                                                                                                                              • Opcode ID: 1f81ffd3f8b7f43dd4d40be7e4fa3e48113c3a6555be2f83e13846e6c896b012
                                                                                                                                              • Instruction ID: 1ffc0297bdb4ea11008dc3bcb63dba6813c0f317fc4836b7b6f34cb81ab2f15a
                                                                                                                                              • Opcode Fuzzy Hash: 1f81ffd3f8b7f43dd4d40be7e4fa3e48113c3a6555be2f83e13846e6c896b012
                                                                                                                                              • Instruction Fuzzy Hash: 4B110CB5E00209AFDB00DF99C8819AFB7F9EFC8304B14C56AA508E7255E6319E018BA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0041E154(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                                                                                                              				short _v516;
                                                                                                                                              				void* __ebp;
                                                                                                                                              				int _t5;
                                                                                                                                              				intOrPtr _t10;
                                                                                                                                              				void* _t18;
                                                                                                                                              
                                                                                                                                              				_t18 = __ecx;
                                                                                                                                              				_t10 = _a4;
                                                                                                                                              				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
                                                                                                                                              				_t19 = _t5;
                                                                                                                                              				if(_t5 <= 0) {
                                                                                                                                              					return E00407DD4(_t10, _t18);
                                                                                                                                              				}
                                                                                                                                              				return E00407B7C(_t10, _t5 - 1,  &_v516, _t19);
                                                                                                                                              			}

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E172
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              • Opcode ID: 7928e8acb0f3bf95a95806c5ee37cf780a020151f3d59b515ba1fff5897a5f5c
                                                                                                                                              • Instruction ID: 7cf265298f8ae4c2c4586e2e1eef3c96f0d827603146793af8923f5675885b80
                                                                                                                                              • Opcode Fuzzy Hash: 7928e8acb0f3bf95a95806c5ee37cf780a020151f3d59b515ba1fff5897a5f5c
                                                                                                                                              • Instruction Fuzzy Hash: 73E09235B0421427E314A55A8C86EFA725C9B48340F40457FBE05D7382ED74AD4082E9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                              			E0041E1A0(int __eax, signed int __ecx, int __edx) {
                                                                                                                                              				short _v16;
                                                                                                                                              				signed int _t5;
                                                                                                                                              				signed int _t10;
                                                                                                                                              
                                                                                                                                              				_push(__ecx);
                                                                                                                                              				_t10 = __ecx;
                                                                                                                                              				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
                                                                                                                                              					_t5 = _t10;
                                                                                                                                              				} else {
                                                                                                                                              					_t5 = _v16 & 0x0000ffff;
                                                                                                                                              				}
                                                                                                                                              				return _t5;
                                                                                                                                              			}

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E2A2,?,00000001,00000000,0041E4B1), ref: 0041E1B3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              • Opcode ID: 43bf76aed24dc9c521354dcf3a82bfc67647264a5ffb14c8d3d6dbd711227945
                                                                                                                                              • Instruction ID: c7815ca7096205c7b25e67d21c63a0a54a6ca7704bde0e99258243124e7cf7fc
                                                                                                                                              • Opcode Fuzzy Hash: 43bf76aed24dc9c521354dcf3a82bfc67647264a5ffb14c8d3d6dbd711227945
                                                                                                                                              • Instruction Fuzzy Hash: 8AD05EBA30922036E214915B6D45DBB56DCCBC97A2F144C3BBE48C7241D224CC46D275
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004A0F30(signed int __eax) {
                                                                                                                                              				short _v8;
                                                                                                                                              				signed int _t6;
                                                                                                                                              
                                                                                                                                              				_t6 = GetLocaleInfoW(__eax & 0x0000ffff, 0x20001004,  &_v8, 2);
                                                                                                                                              				if(_t6 <= 0) {
                                                                                                                                              					return _t6 | 0xffffffff;
                                                                                                                                              				}
                                                                                                                                              				return _v8;
                                                                                                                                              			}

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,004A1030), ref: 004A0F46
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0041C4F8() {
                                                                                                                                              				struct _SYSTEMTIME* _t2;
                                                                                                                                              
                                                                                                                                              				GetLocalTime(_t2);
                                                                                                                                              				return _t2->wYear & 0x0000ffff;
                                                                                                                                              			}





                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LocalTime
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 481472006-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E004254D0(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                              				intOrPtr _v12;
                                                                                                                                              				intOrPtr _v16;
                                                                                                                                              				intOrPtr _v20;
                                                                                                                                              				signed int _v24;
                                                                                                                                              				char _v25;
                                                                                                                                              				signed int _v32;
                                                                                                                                              				signed int _v36;
                                                                                                                                              				signed int _v40;
                                                                                                                                              				signed int _v44;
                                                                                                                                              				signed int _v48;
                                                                                                                                              				signed int _v52;
                                                                                                                                              				signed int _v56;
                                                                                                                                              				intOrPtr _v60;
                                                                                                                                              				char _v64;
                                                                                                                                              				char* _v68;
                                                                                                                                              				void* _v72;
                                                                                                                                              				char _v76;
                                                                                                                                              				intOrPtr _v80;
                                                                                                                                              				intOrPtr _v84;
                                                                                                                                              				signed int _v88;
                                                                                                                                              				char _v89;
                                                                                                                                              				char _v96;
                                                                                                                                              				signed int _v100;
                                                                                                                                              				signed int _v104;
                                                                                                                                              				short* _v108;
                                                                                                                                              				signed int _v112;
                                                                                                                                              				signed int _v116;
                                                                                                                                              				intOrPtr _v120;
                                                                                                                                              				intOrPtr _v124;
                                                                                                                                              				intOrPtr _v128;
                                                                                                                                              				intOrPtr _v132;
                                                                                                                                              				char _v136;
                                                                                                                                              				signed int _t370;
                                                                                                                                              				void* _t375;
                                                                                                                                              				signed int _t377;
                                                                                                                                              				signed int _t381;
                                                                                                                                              				signed int _t389;
                                                                                                                                              				signed int _t395;
                                                                                                                                              				signed int _t411;
                                                                                                                                              				intOrPtr _t422;
                                                                                                                                              				signed int _t426;
                                                                                                                                              				signed int _t435;
                                                                                                                                              				void* _t448;
                                                                                                                                              				signed int _t458;
                                                                                                                                              				char _t460;
                                                                                                                                              				signed int _t474;
                                                                                                                                              				char* _t503;
                                                                                                                                              				signed int _t508;
                                                                                                                                              				signed int _t616;
                                                                                                                                              				signed int _t617;
                                                                                                                                              				signed int _t618;
                                                                                                                                              				signed int _t622;
                                                                                                                                              
                                                                                                                                              				_v16 = __ecx;
                                                                                                                                              				_v12 = __edx;
                                                                                                                                              				_v8 = __eax;
                                                                                                                                              				_v20 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                              				_v24 = 0;
                                                                                                                                              				_v32 = (1 <<  *(_v8 + 8)) - 1;
                                                                                                                                              				_v36 = (1 <<  *(_v8 + 4)) - 1;
                                                                                                                                              				_v40 =  *_v8;
                                                                                                                                              				_t617 =  *((intOrPtr*)(_v8 + 0x34));
                                                                                                                                              				_t474 =  *(_v8 + 0x44);
                                                                                                                                              				_v44 =  *((intOrPtr*)(_v8 + 0x38));
                                                                                                                                              				_v48 =  *((intOrPtr*)(_v8 + 0x3c));
                                                                                                                                              				_v52 =  *((intOrPtr*)(_v8 + 0x40));
                                                                                                                                              				_v56 =  *((intOrPtr*)(_v8 + 0x48));
                                                                                                                                              				_v60 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                                              				_v64 =  *((intOrPtr*)(_v8 + 0x30));
                                                                                                                                              				_v68 =  *((intOrPtr*)(_v8 + 0x1c));
                                                                                                                                              				_v72 =  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                                              				_t616 =  *((intOrPtr*)(_v8 + 0x28));
                                                                                                                                              				_v128 =  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                                              				_v124 =  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                                              				_v120 = _v12;
                                                                                                                                              				_v136 =  *((intOrPtr*)(_v8 + 0x14));
                                                                                                                                              				_v132 =  *((intOrPtr*)(_v8 + 0x18));
                                                                                                                                              				 *_a4 = 0;
                                                                                                                                              				if(_v56 == 0xffffffff) {
                                                                                                                                              					return 0;
                                                                                                                                              				}
                                                                                                                                              				__eflags = _v72;
                                                                                                                                              				if(_v72 == 0) {
                                                                                                                                              					_v68 =  &_v76;
                                                                                                                                              					_v72 = 1;
                                                                                                                                              					_v76 =  *((intOrPtr*)(_v8 + 0x4c));
                                                                                                                                              				}
                                                                                                                                              				__eflags = _v56 - 0xfffffffe;
                                                                                                                                              				if(_v56 != 0xfffffffe) {
                                                                                                                                              					L12:
                                                                                                                                              					_v108 = _v16 + _v24;
                                                                                                                                              					while(1) {
                                                                                                                                              						__eflags = _v56;
                                                                                                                                              						if(_v56 == 0) {
                                                                                                                                              							break;
                                                                                                                                              						}
                                                                                                                                              						__eflags = _v24 - _a8;
                                                                                                                                              						if(_v24 < _a8) {
                                                                                                                                              							_t458 = _t616 - _t617;
                                                                                                                                              							__eflags = _t458 - _v72;
                                                                                                                                              							if(_t458 >= _v72) {
                                                                                                                                              								_t458 = _t458 + _v72;
                                                                                                                                              								__eflags = _t458;
                                                                                                                                              							}
                                                                                                                                              							_t460 =  *((intOrPtr*)(_v68 + _t458));
                                                                                                                                              							 *((char*)(_v68 + _t616)) = _t460;
                                                                                                                                              							 *_v108 = _t460;
                                                                                                                                              							_v24 = _v24 + 1;
                                                                                                                                              							_v108 = _v108 + 1;
                                                                                                                                              							_t616 = _t616 + 1;
                                                                                                                                              							__eflags = _t616 - _v72;
                                                                                                                                              							if(_t616 == _v72) {
                                                                                                                                              								_t616 = 0;
                                                                                                                                              								__eflags = 0;
                                                                                                                                              							}
                                                                                                                                              							_t116 =  &_v56;
                                                                                                                                              							 *_t116 = _v56 - 1;
                                                                                                                                              							__eflags =  *_t116;
                                                                                                                                              							continue;
                                                                                                                                              						}
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              					__eflags = _t616;
                                                                                                                                              					if(_t616 != 0) {
						_v25 =  *((intOrPtr*)(_v68 + _t616 - 1));
					} else {
						_v25 =  *((intOrPtr*)(_v68 + _v72 - 1));
					}
					__eflags = 0;
					_v116 = 0;
					_v112 = 0;
					while(1) {
						L24:
						_v108 = _v16 + _v24;
						__eflags = _v24 - _a8;
						if(_v24 >= _a8) {
							break;
						} else {
							goto L25;
						}
						while(1) {
							L25:
							_v88 = _v24 + _v60 & _v32;
							__eflags = _v116;
							if(_v116 != 0) {
								break;
							}
							__eflags = _v112;
							if(_v112 == 0) {
								_t370 = E00425228((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88,  &_v136);
								__eflags = _t370;
								if(_t370 != 0) {
									_t375 = E00425228(_t474 + _t474 + _v20 + 0x180,  &_v136);
									__eflags = _t375 != 1;
									if(_t375 != 1) {
										_v52 = _v48;
										_v48 = _v44;
										_v44 = _t617;
										__eflags = _t474 - 7;
										if(__eflags >= 0) {
											_t377 = 0xa;
										} else {
											_t377 = 7;
										}
										_t474 = _t377;
										_v56 = E004253D8(_v20 + 0x664, _v88,  &_v136, __eflags);
										_t503 =  &_v136;
										__eflags = _v56 - 4;
										if(_v56 >= 4) {
											_t381 = 3;
										} else {
											_t381 = _v56;
										}
										_v100 = E004252B0((_t381 << 6) + (_t381 << 6) + _v20 + 0x360, _t503, 6);
										__eflags = _v100 - 4;
										if(_v100 < 4) {
											_t618 = _v100;
										} else {
											_v104 = (_v100 >> 1) - 1;
											_t524 = _v104;
											_t622 = (_v100 & 0x00000001 | 0x00000002) << _v104;
											__eflags = _v100 - 0xe;
											if(_v100 >= 0xe) {
												_t395 = E004251C8( &_v136, _t524, _v104 + 0xfffffffc);
												_t618 = _t622 + (_t395 << 4) + E004252F4(_v20 + 0x644,  &_v136, 4);
											} else {
												_t618 = _t622 + E004252F4(_t622 + _t622 + _v20 + 0x560 - _v100 + _v100 + 0xfffffffe,  &_v136, _v104);
											}
										}
										_t617 = _t618 + 1;
										__eflags = _t617;
										if(_t617 != 0) {
											L82:
											_v56 = _v56 + 2;
											__eflags = _t617 - _v64;
											if(_t617 <= _v64) {
												__eflags = _v72 - _v64 - _v56;
												if(_v72 - _v64 <= _v56) {
													_v64 = _v72;
												} else {
													_v64 = _v64 + _v56;
												}
												while(1) {
													_t389 = _t616 - _t617;
													__eflags = _t389 - _v72;
													if(_t389 >= _v72) {
														_t389 = _t389 + _v72;
														__eflags = _t389;
													}
													_v25 =  *((intOrPtr*)(_v68 + _t389));
													 *((char*)(_v68 + _t616)) = _v25;
													_t616 = _t616 + 1;
													__eflags = _t616 - _v72;
													if(_t616 == _v72) {
														_t616 = 0;
														__eflags = 0;
													}
													_v56 = _v56 - 1;
													 *_v108 = _v25;
													_v24 = _v24 + 1;
													_v108 = _v108 + 1;
													__eflags = _v56;
													if(_v56 == 0) {
														break;
													}
													__eflags = _v24 - _a8;
													if(_v24 < _a8) {
														continue;
													}
													break;
												}
												L93:
												__eflags = _v24 - _a8;
												if(_v24 < _a8) {
													continue;
												}
												goto L94;
											}
											return 1;
										} else {
											_v56 = 0xffffffff;
											goto L94;
										}
									}
									_t411 = E00425228(_t474 + _t474 + _v20 + 0x198,  &_v136);
									__eflags = _t411;
									if(_t411 != 0) {
										__eflags = E00425228(_t474 + _t474 + _v20 + 0x1b0,  &_v136);
										if(__eflags != 0) {
											__eflags = E00425228(_t474 + _t474 + _v20 + 0x1c8,  &_v136);
											if(__eflags != 0) {
												_t422 = _v52;
												_v52 = _v48;
											} else {
												_t422 = _v48;
											}
											_v48 = _v44;
										} else {
											_t422 = _v44;
										}
										_v44 = _t617;
										_t617 = _t422;
										L65:
										_v56 = E004253D8(_v20 + 0xa68, _v88,  &_v136, __eflags);
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t426 = 0xb;
										} else {
											_t426 = 8;
										}
										_t474 = _t426;
										goto L82;
									}
									__eflags = E00425228((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88 + 0x1e0,  &_v136);
									if(__eflags != 0) {
										goto L65;
									}
									__eflags = _v64;
									if(_v64 != 0) {
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t508 = 0xb;
										} else {
											_t508 = 9;
										}
										_t474 = _t508;
										_t435 = _t616 - _t617;
										__eflags = _t435 - _v72;
										if(_t435 >= _v72) {
											_t435 = _t435 + _v72;
											__eflags = _t435;
										}
										_v25 =  *((intOrPtr*)(_v68 + _t435));
										 *((char*)(_v68 + _t616)) = _v25;
										_t616 = _t616 + 1;
										__eflags = _t616 - _v72;
										if(_t616 == _v72) {
											_t616 = 0;
											__eflags = 0;
										}
										 *_v108 = _v25;
										_v24 = _v24 + 1;
										__eflags = _v64 - _v72;
										if(_v64 < _v72) {
											_v64 = _v64 + 1;
										}
										goto L24;
									}
									return 1;
								}
								_t448 = (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + _v20 + 0xe6c;
								__eflags = _t474 - 7;
								if(__eflags < 0) {
									_v25 = E00425338(_t448,  &_v136, __eflags);
								} else {
									_v96 = _t616 - _t617;
									__eflags = _v96 - _v72;
									if(__eflags >= 0) {
										_t161 =  &_v96;
										 *_t161 = _v96 + _v72;
										__eflags =  *_t161;
									}
									_v89 =  *((intOrPtr*)(_v68 + _v96));
									_v25 = E00425364(_t448, _v89,  &_v136, __eflags);
								}
								 *_v108 = _v25;
								_v24 = _v24 + 1;
								_v108 = _v108 + 1;
								__eflags = _v64 - _v72;
								if(_v64 < _v72) {
									_t180 =  &_v64;
									 *_t180 = _v64 + 1;
									__eflags =  *_t180;
								}
								 *((char*)(_v68 + _t616)) = _v25;
								_t616 = _t616 + 1;
                                                                                                                                              								__eflags = _t616 - _v72;
                                                                                                                                              								if(_t616 == _v72) {
                                                                                                                                              									_t616 = 0;
                                                                                                                                              									__eflags = 0;
                                                                                                                                              								}
                                                                                                                                              								__eflags = _t474 - 4;
                                                                                                                                              								if(_t474 >= 4) {
                                                                                                                                              									__eflags = _t474 - 0xa;
                                                                                                                                              									if(_t474 >= 0xa) {
                                                                                                                                              										_t474 = _t474 - 6;
                                                                                                                                              									} else {
                                                                                                                                              										_t474 = _t474 - 3;
                                                                                                                                              									}
                                                                                                                                              								} else {
                                                                                                                                              									_t474 = 0;
                                                                                                                                              								}
                                                                                                                                              								goto L93;
                                                                                                                                              							}
                                                                                                                                              							return 1;
                                                                                                                                              						}
                                                                                                                                              						return _v116;
                                                                                                                                              					}
                                                                                                                                              					L94:
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x20)) = _v128;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x24)) = _v124;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x28)) = _t616;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x2c)) = _v60 + _v24;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x30)) = _v64;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x34)) = _t617;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x38)) = _v44;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x3c)) = _v48;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x40)) = _v52;
                                                                                                                                              					 *(_v8 + 0x44) = _t474;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x48)) = _v56;
                                                                                                                                              					 *((char*)(_v8 + 0x4c)) = _v76;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x14)) = _v136;
                                                                                                                                              					 *((intOrPtr*)(_v8 + 0x18)) = _v132;
                                                                                                                                              					 *_a4 = _v24;
                                                                                                                                              					__eflags = 0;
                                                                                                                                              					return 0;
                                                                                                                                              				}
                                                                                                                                              				_v80 = (0x300 <<  *(_v8 + 4) + _v40) + 0x736;
                                                                                                                                              				_v84 = 0;
                                                                                                                                              				_v108 = _v20;
                                                                                                                                              				__eflags = _v84 - _v80;
                                                                                                                                              				if(_v84 >= _v80) {
                                                                                                                                              					L7:
                                                                                                                                              					_v52 = 1;
                                                                                                                                              					_v48 = 1;
                                                                                                                                              					_v44 = 1;
                                                                                                                                              					_t617 = 1;
                                                                                                                                              					_v60 = 0;
                                                                                                                                              					_v64 = 0;
                                                                                                                                              					_t474 = 0;
                                                                                                                                              					_t616 = 0;
                                                                                                                                              					 *((char*)(_v68 + _v72 - 1)) = 0;
                                                                                                                                              					E00425188( &_v136);
                                                                                                                                              					__eflags = _v116;
                                                                                                                                              					if(_v116 != 0) {
                                                                                                                                              						return _v116;
                                                                                                                                              					}
                                                                                                                                              					__eflags = _v112;
                                                                                                                                              					if(_v112 == 0) {
                                                                                                                                              						__eflags = 0;
                                                                                                                                              						_v56 = 0;
                                                                                                                                              						goto L12;
                                                                                                                                              					} else {
                                                                                                                                              						return 1;
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					goto L6;
                                                                                                                                              				}
                                                                                                                                              				do {
                                                                                                                                              					L6:
                                                                                                                                              					 *_v108 = 0x400;
                                                                                                                                              					_v84 = _v84 + 1;
                                                                                                                                              					_v108 = _v108 + 2;
                                                                                                                                              					__eflags = _v84 - _v80;
                                                                                                                                              				} while (_v84 < _v80);
                                                                                                                                              				goto L7;
                                                                                                                                              			}
























































                                                                                                                                              0x00425a50
                                                                                                                                              0x004259d9
                                                                                                                                              0x004259df
                                                                                                                                              0x004259e2
                                                                                                                                              0x004259ee
                                                                                                                                              0x004259f0
                                                                                                                                              0x004259f4
                                                                                                                                              0x00425a2a
                                                                                                                                              0x00425a4c
                                                                                                                                              0x004259f6
                                                                                                                                              0x00425a1a
                                                                                                                                              0x00425a1a
                                                                                                                                              0x004259f4
                                                                                                                                              0x00425a53
                                                                                                                                              0x00425a53
                                                                                                                                              0x00425a54
                                                                                                                                              0x00425a5f
                                                                                                                                              0x00425a5f
                                                                                                                                              0x00425a63
                                                                                                                                              0x00425a66
                                                                                                                                              0x00425a78
                                                                                                                                              0x00425a7b
                                                                                                                                              0x00425a88
                                                                                                                                              0x00425a7d
                                                                                                                                              0x00425a80
                                                                                                                                              0x00425a80
                                                                                                                                              0x00425a8b
                                                                                                                                              0x00425a8d
                                                                                                                                              0x00425a8f
                                                                                                                                              0x00425a92
                                                                                                                                              0x00425a94
                                                                                                                                              0x00425a94
                                                                                                                                              0x00425a94
                                                                                                                                              0x00425a9d
                                                                                                                                              0x00425aa6
                                                                                                                                              0x00425aa9
                                                                                                                                              0x00425aaa
                                                                                                                                              0x00425aad
                                                                                                                                              0x00425aaf
                                                                                                                                              0x00425aaf
                                                                                                                                              0x00425aaf
                                                                                                                                              0x00425ab1
                                                                                                                                              0x00425aba
                                                                                                                                              0x00425abc
                                                                                                                                              0x00425abf
                                                                                                                                              0x00425ac2
                                                                                                                                              0x00425ac6
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00425acb
                                                                                                                                              0x00425ace
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00425ace
                                                                                                                                              0x00425ad0
                                                                                                                                              0x00425ad3
                                                                                                                                              0x00425ad6
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00425ad6
                                                                                                                                              0x00000000
                                                                                                                                              0x00425a56
                                                                                                                                              0x00425a56
                                                                                                                                              0x00000000
                                                                                                                                              0x00425a56
                                                                                                                                              0x00425a54
                                                                                                                                              0x00425843
                                                                                                                                              0x00425848
                                                                                                                                              0x0042584a
                                                                                                                                              0x004258fa
                                                                                                                                              0x004258fc
                                                                                                                                              0x0042591a
                                                                                                                                              0x0042591c
                                                                                                                                              0x00425923
                                                                                                                                              0x00425929
                                                                                                                                              0x0042591e
                                                                                                                                              0x0042591e
                                                                                                                                              0x0042591e
                                                                                                                                              0x0042592f
                                                                                                                                              0x004258fe
                                                                                                                                              0x004258fe
                                                                                                                                              0x004258fe
                                                                                                                                              0x00425932
                                                                                                                                              0x00425935
                                                                                                                                              0x00425937
                                                                                                                                              0x0042594d
                                                                                                                                              0x00425950
                                                                                                                                              0x00425953
                                                                                                                                              0x0042595c
                                                                                                                                              0x00425955
                                                                                                                                              0x00425955
                                                                                                                                              0x00425955
                                                                                                                                              0x00425961
                                                                                                                                              0x00000000
                                                                                                                                              0x00425961
                                                                                                                                              0x00425871
                                                                                                                                              0x00425873
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00425879
                                                                                                                                              0x0042587d
                                                                                                                                              0x00425889
                                                                                                                                              0x0042588c
                                                                                                                                              0x00425895
                                                                                                                                              0x0042588e
                                                                                                                                              0x0042588e
                                                                                                                                              0x0042588e
                                                                                                                                              0x0042589a
                                                                                                                                              0x0042589e
                                                                                                                                              0x004258a0
                                                                                                                                              0x004258a3
                                                                                                                                              0x004258a5
                                                                                                                                              0x004258a5
                                                                                                                                              0x004258a5
                                                                                                                                              0x004258ae
                                                                                                                                              0x004258b7
                                                                                                                                              0x004258ba
                                                                                                                                              0x004258bb
                                                                                                                                              0x004258be
                                                                                                                                              0x004258c0
                                                                                                                                              0x004258c0
                                                                                                                                              0x004258c0
                                                                                                                                              0x004258c8
                                                                                                                                              0x004258ca
                                                                                                                                              0x004258d0
                                                                                                                                              0x004258d3
                                                                                                                                              0x004258d9
                                                                                                                                              0x004258d9
                                                                                                                                              0x00000000
                                                                                                                                              0x004258d3
                                                                                                                                              0x00000000
                                                                                                                                              0x0042587f
                                                                                                                                              0x0042577c
                                                                                                                                              0x00425781
                                                                                                                                              0x00425784
                                                                                                                                              0x004257c5
                                                                                                                                              0x00425786
                                                                                                                                              0x0042578a
                                                                                                                                              0x00425790
                                                                                                                                              0x00425793
                                                                                                                                              0x00425798
                                                                                                                                              0x00425798
                                                                                                                                              0x00425798
                                                                                                                                              0x00425798
                                                                                                                                              0x004257a4
                                                                                                                                              0x004257b5
                                                                                                                                              0x004257b5
                                                                                                                                              0x004257ce
                                                                                                                                              0x004257d0
                                                                                                                                              0x004257d3
                                                                                                                                              0x004257d9
                                                                                                                                              0x004257dc
                                                                                                                                              0x004257de
                                                                                                                                              0x004257de
                                                                                                                                              0x004257de
                                                                                                                                              0x004257de
                                                                                                                                              0x004257e7
                                                                                                                                              0x004257ea
                                                                                                                                              0x004257eb
                                                                                                                                              0x004257ee
                                                                                                                                              0x004257f0
                                                                                                                                              0x004257f0
                                                                                                                                              0x004257f0
                                                                                                                                              0x004257f2
                                                                                                                                              0x004257f5
                                                                                                                                              0x004257fe
                                                                                                                                              0x00425801
                                                                                                                                              0x0042580b
                                                                                                                                              0x00425803
                                                                                                                                              0x00425803
                                                                                                                                              0x00425803
                                                                                                                                              0x004257f7
                                                                                                                                              0x004257f7
                                                                                                                                              0x004257f7
                                                                                                                                              0x00000000
                                                                                                                                              0x004257f5
                                                                                                                                              0x00000000
                                                                                                                                              0x00425724
                                                                                                                                              0x00000000
                                                                                                                                              0x00425716
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                                              • Instruction ID: 714bfb58b2794d167d20b22a4996e34f8aecc2b55e378ed3f9398e5555f8a7d3
                                                                                                                                              • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                                              • Instruction Fuzzy Hash: 0D320374E00629DFCB04CF98D981AADBBB2BF88314F64816AD805AB341D774AE42CF54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00431F50(signed int* __eax, intOrPtr __ecx, signed int __edx) {
                                                                                                                                              				signed int* _v8;
                                                                                                                                              				signed int* _v12;
                                                                                                                                              				intOrPtr _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				char _v24;
                                                                                                                                              				char _v28;
                                                                                                                                              				unsigned int* _t96;
                                                                                                                                              				unsigned int* _t106;
                                                                                                                                              				signed int* _t108;
                                                                                                                                              				signed int _t109;
                                                                                                                                              
                                                                                                                                              				_t109 = __edx;
                                                                                                                                              				_v16 = __ecx;
                                                                                                                                              				_v12 = __eax;
                                                                                                                                              				_t106 =  &_v24;
                                                                                                                                              				_t108 =  &_v28;
                                                                                                                                              				_t96 =  &_v20;
                                                                                                                                              				 *_t96 = __edx + 0xdeadbeef + _v16;
                                                                                                                                              				 *_t106 =  *_t96;
                                                                                                                                              				 *_t108 =  *_t96;
                                                                                                                                              				_v8 = _v12;
                                                                                                                                              				if((_v8 & 0x00000003) != 0) {
                                                                                                                                              					if(__edx <= 0xc) {
                                                                                                                                              						L20:
                                                                                                                                              						if(_t109 > 0xc) {
                                                                                                                                              							L23:
                                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x18);
                                                                                                                                              							L24:
                                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x10);
                                                                                                                                              							L25:
                                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 8);
                                                                                                                                              							L26:
                                                                                                                                              							 *_t108 =  *_t108 + (_v8[2] & 0x000000ff);
                                                                                                                                              							L27:
                                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x18);
                                                                                                                                              							L28:
                                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x10);
                                                                                                                                              							L29:
                                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 8);
                                                                                                                                              							L30:
                                                                                                                                              							 *_t106 =  *_t106 + (_v8[1] & 0x000000ff);
                                                                                                                                              							L31:
                                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x18);
                                                                                                                                              							L32:
                                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x10);
                                                                                                                                              							L33:
                                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 8);
                                                                                                                                              							L34:
                                                                                                                                              							 *_t96 =  *_t96 + ( *_v8 & 0x000000ff);
                                                                                                                                              							L35:
                                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x0000000e |  *_t106 >> 0x00000012);
                                                                                                                                              							 *_t96 =  *_t96 ^  *_t108;
                                                                                                                                              							 *_t96 =  *_t96 - ( *_t108 << 0x0000000b |  *_t108 >> 0x00000015);
                                                                                                                                              							 *_t106 =  *_t106 ^  *_t96;
                                                                                                                                              							 *_t106 =  *_t106 - ( *_t96 << 0x00000019 |  *_t96 >> 0x00000007);
                                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x00000010 |  *_t106 >> 0x00000010);
                                                                                                                                              							 *_t96 =  *_t96 ^  *_t108;
                                                                                                                                              							 *_t96 =  *_t96 - ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
                                                                                                                                              							 *_t106 =  *_t106 ^  *_t96;
                                                                                                                                              							 *_t106 =  *_t106 - ( *_t96 << 0x0000000e |  *_t96 >> 0x00000012);
                                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x00000018 |  *_t106 >> 0x00000008);
                                                                                                                                              							return  *_t108;
                                                                                                                                              						}
                                                                                                                                              						switch( *((intOrPtr*)(_t109 * 4 +  &M004322BD))) {
                                                                                                                                              							case 0:
                                                                                                                                              								return  *_t108;
                                                                                                                                              							case 1:
                                                                                                                                              								goto L34;
                                                                                                                                              							case 2:
                                                                                                                                              								goto L33;
                                                                                                                                              							case 3:
                                                                                                                                              								goto L32;
                                                                                                                                              							case 4:
                                                                                                                                              								goto L31;
                                                                                                                                              							case 5:
                                                                                                                                              								goto L30;
                                                                                                                                              							case 6:
                                                                                                                                              								goto L29;
                                                                                                                                              							case 7:
                                                                                                                                              								goto L28;
                                                                                                                                              							case 8:
                                                                                                                                              								goto L27;
                                                                                                                                              							case 9:
                                                                                                                                              								goto L26;
                                                                                                                                              							case 0xa:
                                                                                                                                              								goto L25;
                                                                                                                                              							case 0xb:
                                                                                                                                              								goto L24;
                                                                                                                                              							case 0xc:
                                                                                                                                              								goto L23;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						goto L19;
                                                                                                                                              					}
                                                                                                                                              					do {
                                                                                                                                              						L19:
                                                                                                                                              						 *_t96 =  *_t96 + ( *_v8 & 0x000000ff) + ((_v8[0] & 0x000000ff) << 8) + ((_v8[0] & 0x000000ff) << 0x10) + ((_v8[0] & 0x000000ff) << 0x18);
                                                                                                                                              						 *_t106 =  *_t106 + (_v8[1] & 0x000000ff) + ((_v8[1] & 0x000000ff) << 8) + ((_v8[1] & 0x000000ff) << 0x10) + ((_v8[1] & 0x000000ff) << 0x18);
                                                                                                                                              						 *_t108 =  *_t108 + (_v8[2] & 0x000000ff) + ((_v8[2] & 0x000000ff) << 8) + ((_v8[2] & 0x000000ff) << 0x10) + ((_v8[2] & 0x000000ff) << 0x18);
                                                                                                                                              						 *_t96 =  *_t96 -  *_t108;
                                                                                                                                              						 *_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
                                                                                                                                              						 *_t108 =  *_t108 +  *_t106;
                                                                                                                                              						 *_t106 =  *_t106 -  *_t96;
                                                                                                                                              						 *_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
                                                                                                                                              						 *_t96 =  *_t96 +  *_t108;
                                                                                                                                              						 *_t108 =  *_t108 -  *_t106;
                                                                                                                                              						 *_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
			*_t106 =  *_t106 +  *_t96;
			*_t96 =  *_t96 -  *_t108;
			*_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
			*_t108 =  *_t108 +  *_t106;
			*_t106 =  *_t106 -  *_t96;
			*_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
			*_t96 =  *_t96 +  *_t108;
			*_t108 =  *_t108 -  *_t106;
			*_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
			*_t106 =  *_t106 +  *_t96;
			_t109 = _t109 - 0xc;
			_v8 =  &(_v8[3]);
		} while (_t109 > 0xc);
		goto L20;
	}
	if(__edx <= 0xc) {
		L3:
		if(_t109 > 0xc) {
			goto L35;
		}
		switch( *((intOrPtr*)(_t109 * 4 +  &M00432051))) {
			case 0:
				return  *_t108;
			case 1:
				_v8 =  *_v8;
				__edx =  *_v8 & 0x000000ff;
				*__eax =  *__eax + ( *_v8 & 0x000000ff);
				goto L35;
			case 2:
				_v8 =  *_v8;
				__edx =  *_v8 & 0x0000ffff;
				*__eax =  *__eax + ( *_v8 & 0x0000ffff);
				goto L35;
			case 3:
				_v8 =  *_v8;
				__edx =  *_v8 & 0x00ffffff;
				*__eax =  *__eax + ( *_v8 & 0x00ffffff);
				goto L35;
			case 4:
				_v8 =  *_v8;
				*__eax =  *__eax +  *_v8;
				goto L35;
			case 5:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				__edx =  *(__edx + 4);
				*__ebx =  *__ebx + __edx;
				goto L35;
			case 6:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				__edx =  *(__edx + 4);
				*__ebx =  *__ebx + __edx;
				goto L35;
			case 7:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				__edx =  *(__edx + 4);
				*__ebx =  *__ebx + __edx;
				goto L35;
			case 8:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				*__ebx =  *__ebx + __edx;
				goto L35;
			case 9:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				*__ebx =  *__ebx +  *(__edx + 4);
				__edx =  *(__edx + 8);
				*__ecx =  *__ecx + __edx;
				goto L35;
			case 0xa:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				*__ebx =  *__ebx +  *(__edx + 4);
				__edx =  *(__edx + 8);
				*__ecx =  *__ecx + __edx;
				goto L35;
			case 0xb:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				*__ebx =  *__ebx +  *(__edx + 4);
				__edx =  *(__edx + 8);
				*__ecx =  *__ecx + __edx;
				goto L35;
			case 0xc:
				__edx = _v8;
				*__eax =  *__eax +  *__edx;
				*__ebx =  *__ebx +  *(__edx + 4);
				*__ecx =  *__ecx + __edx;
				goto L35;
		}
	} else {
		goto L2;
	}
	do {
		L2:
		*_t96 =  *_t96 +  *_v8;
		*_t106 =  *_t106 + _v8[1];
		*_t108 =  *_t108 + _v8[2];
		*_t96 =  *_t96 -  *_t108;
		*_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
		*_t108 =  *_t108 +  *_t106;
		*_t106 =  *_t106 -  *_t96;
		*_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
		*_t96 =  *_t96 +  *_t108;
		*_t108 =  *_t108 -  *_t106;
		*_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
		*_t106 =  *_t106 +  *_t96;
		*_t96 =  *_t96 -  *_t108;
		*_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
		*_t108 =  *_t108 +  *_t106;
		*_t106 =  *_t106 -  *_t96;
		*_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
		*_t96 =  *_t96 +  *_t108;
		*_t108 =  *_t108 -  *_t106;
		*_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
		*_t106 =  *_t106 +  *_t96;
		_t109 = _t109 - 0xc;
		_v8 = _v8 + 0xc;
	} while (_t109 > 0xc);
	goto L3;
}













                                                                                                                                              0x00432259
                                                                                                                                              0x0043225d
                                                                                                                                              0x00432261
                                                                                                                                              0x0043226f
                                                                                                                                              0x00432273
                                                                                                                                              0x00432277
                                                                                                                                              0x00432285
                                                                                                                                              0x00432289
                                                                                                                                              0x0043228d
                                                                                                                                              0x0043229b
                                                                                                                                              0x0043229f
                                                                                                                                              0x004322a1
                                                                                                                                              0x004322a4
                                                                                                                                              0x004322a8
                                                                                                                                              0x00000000
                                                                                                                                              0x00432197
                                                                                                                                              0x00431f90
                                                                                                                                              0x00432041
                                                                                                                                              0x00432044
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x0043204a
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x0043208f
                                                                                                                                              0x00432091
                                                                                                                                              0x00432097
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320a1
                                                                                                                                              0x004320a3
                                                                                                                                              0x004320a9
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320b3
                                                                                                                                              0x004320b5
                                                                                                                                              0x004320bb
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320c5
                                                                                                                                              0x004320c7
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320ce
                                                                                                                                              0x004320d3
                                                                                                                                              0x004320d5
                                                                                                                                              0x004320de
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320e5
                                                                                                                                              0x004320ea
                                                                                                                                              0x004320ec
                                                                                                                                              0x004320f5
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004320fc
                                                                                                                                              0x00432101
                                                                                                                                              0x00432103
                                                                                                                                              0x0043210c
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00432113
                                                                                                                                              0x00432118
                                                                                                                                              0x0043211d
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00432124
                                                                                                                                              0x00432129
                                                                                                                                              0x0043212e
                                                                                                                                              0x00432130
                                                                                                                                              0x00432139
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00432140
                                                                                                                                              0x00432145
                                                                                                                                              0x0043214a
                                                                                                                                              0x0043214c
                                                                                                                                              0x00432155
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x0043215c
                                                                                                                                              0x00432161
                                                                                                                                              0x00432166
                                                                                                                                              0x00432168
                                                                                                                                              0x00432171
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00432178
                                                                                                                                              0x0043217d
                                                                                                                                              0x00432182
                                                                                                                                              0x00432187
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00431f96
                                                                                                                                              0x00431f96
                                                                                                                                              0x00431f9b
                                                                                                                                              0x00431fa3
                                                                                                                                              0x00431fab
                                                                                                                                              0x00431faf
                                                                                                                                              0x00431fbd
                                                                                                                                              0x00431fc1
                                                                                                                                              0x00431fc5
                                                                                                                                              0x00431fd3
                                                                                                                                              0x00431fd7
                                                                                                                                              0x00431fdb
                                                                                                                                              0x00431fe9
                                                                                                                                              0x00431fed
                                                                                                                                              0x00431ff1
                                                                                                                                              0x00431fff
                                                                                                                                              0x00432003
                                                                                                                                              0x00432007
                                                                                                                                              0x00432015
                                                                                                                                              0x00432019
                                                                                                                                              0x0043201d
                                                                                                                                              0x0043202b
                                                                                                                                              0x0043202f
                                                                                                                                              0x00432031
                                                                                                                                              0x00432034
                                                                                                                                              0x00432038
                                                                                                                                              0x00000000

Memory Dump Source
• Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
• Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
• Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3a53240d1ff2e6a54c485aafc29675fea109497b1cbdbcdb71818d823280feeb
• Instruction ID: 4f2c7345300522f8efab797650d0f57aff86ffded578c1633b2e6f11b4f1150f
• Opcode Fuzzy Hash: 3a53240d1ff2e6a54c485aafc29675fea109497b1cbdbcdb71818d823280feeb
• Instruction Fuzzy Hash: AF02BE32900235DFDB92CF6DC540109B7B6FF8A72472A82D6D854AB229D270AE52DFD1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                              			E0040ECB4(signed int __eax, void* __ebx, void* __ecx, void* __edx, signed int __edi, void* __esi) {
                                                                                                                                              				signed char _t146;
                                                                                                                                              				signed char _t147;
                                                                                                                                              				signed char _t148;
                                                                                                                                              				signed char _t149;
                                                                                                                                              				signed char _t150;
                                                                                                                                              				signed char _t151;
                                                                                                                                              				signed char _t152;
                                                                                                                                              				signed char _t153;
                                                                                                                                              				signed char _t154;
                                                                                                                                              				signed char _t155;
                                                                                                                                              				signed char _t156;
                                                                                                                                              				signed char _t157;
                                                                                                                                              				signed char _t158;
                                                                                                                                              				signed char _t159;
                                                                                                                                              				signed char _t160;
                                                                                                                                              				signed char _t161;
                                                                                                                                              				signed char _t162;
                                                                                                                                              				signed char _t163;
                                                                                                                                              				signed char _t164;
                                                                                                                                              				signed char _t165;
                                                                                                                                              				signed char _t166;
                                                                                                                                              				signed char _t167;
                                                                                                                                              				signed char _t168;
                                                                                                                                              				signed char _t169;
                                                                                                                                              				signed char _t170;
                                                                                                                                              				signed char _t171;
                                                                                                                                              				signed char _t172;
                                                                                                                                              				signed char _t173;
                                                                                                                                              				signed char _t174;
                                                                                                                                              				signed char _t175;
                                                                                                                                              				signed char _t176;
                                                                                                                                              				signed char _t177;
                                                                                                                                              				signed char _t178;
                                                                                                                                              				signed char _t179;
                                                                                                                                              				signed char _t180;
                                                                                                                                              				signed char _t181;
                                                                                                                                              				void* _t184;
                                                                                                                                              				void* _t188;
                                                                                                                                              				void* _t196;
                                                                                                                                              				void* _t204;
                                                                                                                                              				void* _t209;
                                                                                                                                              				void* _t210;
                                                                                                                                              				void* _t211;
                                                                                                                                              				void* _t212;
                                                                                                                                              				void* _t213;
                                                                                                                                              				void* _t214;
                                                                                                                                              				void* _t215;
                                                                                                                                              				void* _t216;
                                                                                                                                              				void* _t220;
                                                                                                                                              				void* _t228;
                                                                                                                                              				void* _t236;
                                                                                                                                              				void* _t246;
                                                                                                                                              
                                                                                                                                              				_t146 = __eax ^ 0x00000006;
                                                                                                                                              				_t184 = __ebx - 1;
                                                                                                                                              				 *((intOrPtr*)(__edi + 0x340000ff)) =  *((intOrPtr*)(__edi + 0x340000ff)) + _t184;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(_t146 + 0x340000ff)) =  *((intOrPtr*)(_t146 + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__ecx + 0x340000ff)) =  *((intOrPtr*)(__ecx + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edx + 0x340000ff)) =  *((intOrPtr*)(__edx + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				_t188 = _t184 - 0xfffffffffffffffe;
                                                                                                                                              				 *((intOrPtr*)(_t188 + 0x340000ff)) =  *((intOrPtr*)(_t188 + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edi + 0x6340000 + __edi * 8)) =  *((intOrPtr*)(__edi + 0x6340000 + __edi * 8)) + _t146;
                                                                                                                                              				 *((intOrPtr*)(_t246 + 0x340000ff)) =  *((intOrPtr*)(_t246 + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__esi + 0x340000ff)) =  *((intOrPtr*)(__esi + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edi + 0x340000ff)) =  *((intOrPtr*)(__edi + 0x340000ff)) + _t146;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(_t146 + 0x340000ff)) =  *((intOrPtr*)(_t146 + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__ecx + 0x340000ff)) =  *((intOrPtr*)(__ecx + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edx + 0x340000ff)) =  *((intOrPtr*)(__edx + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				_t196 = _t188 - 0xfffffffffffffffa;
                                                                                                                                              				 *((intOrPtr*)(_t196 + 0x340000ff)) =  *((intOrPtr*)(_t196 + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edi + 0x6340000 + __edi * 8)) =  *((intOrPtr*)(__edi + 0x6340000 + __edi * 8)) + __ecx;
                                                                                                                                              				 *((intOrPtr*)(_t246 + 0x340000ff)) =  *((intOrPtr*)(_t246 + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__esi + 0x340000ff)) =  *((intOrPtr*)(__esi + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(__edi + 0x340000ff)) =  *((intOrPtr*)(__edi + 0x340000ff)) + __ecx;
                                                                                                                                              				_push(es);
                                                                                                                                              				 *((intOrPtr*)(_t146 - 1)) =  *((intOrPtr*)(_t146 - 1)) + __edx;
                                                                                                                                              				 *_t146 =  *_t146 + _t146;
                                                                                                                                              				_t147 = _t146 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__ecx - 1)) =  *((intOrPtr*)(__ecx - 1)) + __edx;
                                                                                                                                              				 *_t147 =  *_t147 + _t147;
                                                                                                                                              				_t148 = _t147 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edx - 1)) =  *((intOrPtr*)(__edx - 1)) + __edx;
                                                                                                                                              				 *_t148 =  *_t148 + _t148;
                                                                                                                                              				_t149 = _t148 ^ 0x00000006;
                                                                                                                                              				_t204 = _t196 - 0xfffffffffffffffa;
                                                                                                                                              				 *((intOrPtr*)(_t204 - 1)) =  *((intOrPtr*)(_t204 - 1)) + __edx;
                                                                                                                                              				 *_t149 =  *_t149 + _t149;
                                                                                                                                              				_t150 = _t149 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi + __edi * 8)) =  *((intOrPtr*)(__edi + __edi * 8)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(__esi + _t150)) =  *((intOrPtr*)(__esi + _t150)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(_t246 - 1)) =  *((intOrPtr*)(_t246 - 1)) + __edx;
                                                                                                                                              				 *_t150 =  *_t150 + _t150;
                                                                                                                                              				_t151 = _t150 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__esi - 1)) =  *((intOrPtr*)(__esi - 1)) + __edx;
                                                                                                                                              				 *_t151 =  *_t151 + _t151;
                                                                                                                                              				_t152 = _t151 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi - 1)) =  *((intOrPtr*)(__edi - 1)) + __edx;
                                                                                                                                              				 *_t152 =  *_t152 + _t152;
                                                                                                                                              				_t153 = _t152 ^ 0x00000006;
                                                                                                                                              				_t209 = _t204 - 0xfffffffffffffffd;
                                                                                                                                              				 *((intOrPtr*)(_t153 - 1)) =  *((intOrPtr*)(_t153 - 1)) + _t209;
                                                                                                                                              				 *_t153 =  *_t153 + _t153;
                                                                                                                                              				_t154 = _t153 ^ 0x00000006;
                                                                                                                                              				_t210 = _t209 - 1;
                                                                                                                                              				 *((intOrPtr*)(__ecx - 1)) =  *((intOrPtr*)(__ecx - 1)) + _t210;
                                                                                                                                              				 *_t154 =  *_t154 + _t154;
                                                                                                                                              				_t155 = _t154 ^ 0x00000006;
                                                                                                                                              				_t211 = _t210 - 1;
                                                                                                                                              				 *((intOrPtr*)(__edx - 1)) =  *((intOrPtr*)(__edx - 1)) + _t211;
                                                                                                                                              				 *_t155 =  *_t155 + _t155;
                                                                                                                                              				_t156 = _t155 ^ 0x00000006;
                                                                                                                                              				_t212 = _t211 - 1;
                                                                                                                                              				 *((intOrPtr*)(_t212 - 1)) =  *((intOrPtr*)(_t212 - 1)) + _t212;
                                                                                                                                              				 *_t156 =  *_t156 + _t156;
                                                                                                                                              				_t157 = _t156 ^ 0x00000006;
                                                                                                                                              				_t213 = _t212 - 1;
                                                                                                                                              				 *((intOrPtr*)(__edi + __edi * 8)) =  *((intOrPtr*)(__edi + __edi * 8)) + _t213;
                                                                                                                                              				 *((intOrPtr*)(__esi + _t157)) =  *((intOrPtr*)(__esi + _t157)) + __edx;
                                                                                                                                              				_t214 = _t213 - 1;
                                                                                                                                              				 *((intOrPtr*)(_t246 - 1)) =  *((intOrPtr*)(_t246 - 1)) + _t214;
                                                                                                                                              				 *_t157 =  *_t157 + _t157;
                                                                                                                                              				_t158 = _t157 ^ 0x00000006;
                                                                                                                                              				_t215 = _t214 - 1;
                                                                                                                                              				 *((intOrPtr*)(__esi - 1)) =  *((intOrPtr*)(__esi - 1)) + _t215;
                                                                                                                                              				 *_t158 =  *_t158 + _t158;
                                                                                                                                              				_t159 = _t158 ^ 0x00000006;
                                                                                                                                              				_t216 = _t215 - 1;
                                                                                                                                              				 *((intOrPtr*)(__edi - 1)) =  *((intOrPtr*)(__edi - 1)) + _t216;
                                                                                                                                              				 *_t159 =  *_t159 + _t159;
                                                                                                                                              				_t160 = _t159 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(_t160 - 1)) =  *((intOrPtr*)(_t160 - 1)) + _t160;
                                                                                                                                              				 *_t160 =  *_t160 + _t160;
                                                                                                                                              				_t161 = _t160 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__ecx - 1)) =  *((intOrPtr*)(__ecx - 1)) + _t161;
                                                                                                                                              				 *_t161 =  *_t161 + _t161;
                                                                                                                                              				_t162 = _t161 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edx - 1)) =  *((intOrPtr*)(__edx - 1)) + _t162;
                                                                                                                                              				 *_t162 =  *_t162 + _t162;
                                                                                                                                              				_t163 = _t162 ^ 0x00000006;
                                                                                                                                              				_t220 = _t216 - 0xfffffffffffffffe;
                                                                                                                                              				 *((intOrPtr*)(_t220 - 1)) =  *((intOrPtr*)(_t220 - 1)) + _t163;
                                                                                                                                              				 *_t163 =  *_t163 + _t163;
                                                                                                                                              				_t164 = _t163 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi + __edi * 8)) =  *((intOrPtr*)(__edi + __edi * 8)) + _t164;
                                                                                                                                              				 *((intOrPtr*)(__esi + _t164)) =  *((intOrPtr*)(__esi + _t164)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(_t246 - 1)) =  *((intOrPtr*)(_t246 - 1)) + _t164;
                                                                                                                                              				 *_t164 =  *_t164 + _t164;
                                                                                                                                              				_t165 = _t164 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__esi - 1)) =  *((intOrPtr*)(__esi - 1)) + _t165;
                                                                                                                                              				 *_t165 =  *_t165 + _t165;
                                                                                                                                              				_t166 = _t165 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi - 1)) =  *((intOrPtr*)(__edi - 1)) + _t166;
                                                                                                                                              				 *_t166 =  *_t166 + _t166;
                                                                                                                                              				_t167 = _t166 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(_t167 - 1)) =  *((intOrPtr*)(_t167 - 1)) + __ecx;
                                                                                                                                              				 *_t167 =  *_t167 + _t167;
                                                                                                                                              				_t168 = _t167 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__ecx - 1)) =  *((intOrPtr*)(__ecx - 1)) + __ecx;
                                                                                                                                              				 *_t168 =  *_t168 + _t168;
                                                                                                                                              				_t169 = _t168 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edx - 1)) =  *((intOrPtr*)(__edx - 1)) + __ecx;
                                                                                                                                              				 *_t169 =  *_t169 + _t169;
                                                                                                                                              				_t170 = _t169 ^ 0x00000006;
                                                                                                                                              				_t228 = _t220 - 0xfffffffffffffffa;
                                                                                                                                              				 *((intOrPtr*)(_t228 - 1)) =  *((intOrPtr*)(_t228 - 1)) + __ecx;
                                                                                                                                              				 *_t170 =  *_t170 + _t170;
                                                                                                                                              				_t171 = _t170 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi + __edi * 8)) =  *((intOrPtr*)(__edi + __edi * 8)) + __ecx;
                                                                                                                                              				 *((intOrPtr*)(__esi + _t171)) =  *((intOrPtr*)(__esi + _t171)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(_t246 - 1)) =  *((intOrPtr*)(_t246 - 1)) + __ecx;
                                                                                                                                              				 *_t171 =  *_t171 + _t171;
                                                                                                                                              				_t172 = _t171 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__esi - 1)) =  *((intOrPtr*)(__esi - 1)) + __ecx;
                                                                                                                                              				 *_t172 =  *_t172 + _t172;
                                                                                                                                              				_t173 = _t172 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi - 1)) =  *((intOrPtr*)(__edi - 1)) + __ecx;
                                                                                                                                              				 *_t173 =  *_t173 + _t173;
                                                                                                                                              				_t174 = _t173 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(_t174 - 1)) =  *((intOrPtr*)(_t174 - 1)) + __edx;
                                                                                                                                              				 *_t174 =  *_t174 + _t174;
                                                                                                                                              				_t175 = _t174 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__ecx - 1)) =  *((intOrPtr*)(__ecx - 1)) + __edx;
                                                                                                                                              				 *_t175 =  *_t175 + _t175;
                                                                                                                                              				_t176 = _t175 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edx - 1)) =  *((intOrPtr*)(__edx - 1)) + __edx;
                                                                                                                                              				 *_t176 =  *_t176 + _t176;
                                                                                                                                              				_t177 = _t176 ^ 0x00000006;
                                                                                                                                              				_t236 = _t228 - 0xfffffffffffffffa;
                                                                                                                                              				 *((intOrPtr*)(_t236 - 1)) =  *((intOrPtr*)(_t236 - 1)) + __edx;
                                                                                                                                              				 *_t177 =  *_t177 + _t177;
                                                                                                                                              				_t178 = _t177 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi + __edi * 8)) =  *((intOrPtr*)(__edi + __edi * 8)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(__esi + _t178)) =  *((intOrPtr*)(__esi + _t178)) + __edx;
                                                                                                                                              				 *((intOrPtr*)(_t246 - 1)) =  *((intOrPtr*)(_t246 - 1)) + __edx;
                                                                                                                                              				 *_t178 =  *_t178 + _t178;
                                                                                                                                              				_t179 = _t178 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__esi - 1)) =  *((intOrPtr*)(__esi - 1)) + __edx;
                                                                                                                                              				 *_t179 =  *_t179 + _t179;
                                                                                                                                              				_t180 = _t179 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(__edi - 1)) =  *((intOrPtr*)(__edi - 1)) + __edx;
                                                                                                                                              				 *_t180 =  *_t180 + _t180;
                                                                                                                                              				_t181 = _t180 ^ 0x00000006;
                                                                                                                                              				 *((intOrPtr*)(_t181 - 1)) =  *((intOrPtr*)(_t181 - 1)) + _t236 - 0xfffffffffffffffd;
                                                                                                                                              				 *_t181 =  *_t181 + _t181;
                                                                                                                                              				return 0x40ee8a;
                                                                                                                                              			}
























































                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 622fbd8048fd543cdc2cb0be557f41394da94c826b34e88aea9dfaf07a3619e9
                                                                                                                                              • Instruction ID: 2cea75af83b0793a95f332b946a4bc9c29eeecd7935183ae600d0464b4d82da5
                                                                                                                                              • Opcode Fuzzy Hash: 622fbd8048fd543cdc2cb0be557f41394da94c826b34e88aea9dfaf07a3619e9
                                                                                                                                              • Instruction Fuzzy Hash: 3371B7015EEBCA6FCB97833008A85D6AF61AE5316578B53EBCC818E497914D241EF372
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                                                                                              • Instruction ID: c1f34be03cf0569538104f0038f02cfb84df381903d0011f2ebedd3a3241928c
                                                                                                                                              • Opcode Fuzzy Hash: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                                                                                              • Instruction Fuzzy Hash: 76C0E9B550D6066E975C8F1AB480815FBE5FAC8324364C22EA01C83644D73154518A64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00427760() {
                                                                                                                                              				struct HINSTANCE__* _v8;
                                                                                                                                              				intOrPtr _t46;
                                                                                                                                              				void* _t91;
                                                                                                                                              
                                                                                                                                              				_v8 = GetModuleHandleW(L"oleaut32.dll");
                                                                                                                                              				 *0x4b30e4 = E00427734("VariantChangeTypeEx", E00427150, _t91);
                                                                                                                                              				 *0x4b30e8 = E00427734("VarNeg", E00427198, _t91);
                                                                                                                                              				 *0x4b30ec = E00427734("VarNot", E00427198, _t91);
                                                                                                                                              				 *0x4b30f0 = E00427734("VarAdd", E004271A4, _t91);
                                                                                                                                              				 *0x4b30f4 = E00427734("VarSub", E004271A4, _t91);
                                                                                                                                              				 *0x4b30f8 = E00427734("VarMul", E004271A4, _t91);
                                                                                                                                              				 *0x4b30fc = E00427734("VarDiv", E004271A4, _t91);
                                                                                                                                              				 *0x4b3100 = E00427734("VarIdiv", E004271A4, _t91);
                                                                                                                                              				 *0x4b3104 = E00427734("VarMod", E004271A4, _t91);
                                                                                                                                              				 *0x4b3108 = E00427734("VarAnd", E004271A4, _t91);
                                                                                                                                              				 *0x4b310c = E00427734("VarOr", E004271A4, _t91);
                                                                                                                                              				 *0x4b3110 = E00427734("VarXor", E004271A4, _t91);
                                                                                                                                              				 *0x4b3114 = E00427734("VarCmp", E004271B0, _t91);
                                                                                                                                              				 *0x4b3118 = E00427734("VarI4FromStr", E004271BC, _t91);
                                                                                                                                              				 *0x4b311c = E00427734("VarR4FromStr", E00427228, _t91);
                                                                                                                                              				 *0x4b3120 = E00427734("VarR8FromStr", E00427298, _t91);
                                                                                                                                              				 *0x4b3124 = E00427734("VarDateFromStr", E00427308, _t91);
                                                                                                                                              				 *0x4b3128 = E00427734("VarCyFromStr", E00427378, _t91);
                                                                                                                                              				 *0x4b312c = E00427734("VarBoolFromStr", E004273E8, _t91);
                                                                                                                                              				 *0x4b3130 = E00427734("VarBstrFromCy", E00427468, _t91);
                                                                                                                                              				 *0x4b3134 = E00427734("VarBstrFromDate", E00427510, _t91);
                                                                                                                                              				_t46 = E00427734("VarBstrFromBool", E004276A0, _t91);
                                                                                                                                              				 *0x4b3138 = _t46;
                                                                                                                                              				return _t46;
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00427769
                                                                                                                                                • Part of subcall function 00427734: GetProcAddress.KERNEL32(00000000), ref: 0042774D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                              • API String ID: 1646373207-1918263038
                                                                                                                                              • Opcode ID: 48e8c45941e3087f339835e92e208a9ec034c2b79a5d31d0d58655ea58982c29
                                                                                                                                              • Instruction ID: 0d53f7084111da00e6f8be9bb035bcb00c42a4e9e77ce097fa9a4c868214a819
                                                                                                                                              • Opcode Fuzzy Hash: 48e8c45941e3087f339835e92e208a9ec034c2b79a5d31d0d58655ea58982c29
                                                                                                                                              • Instruction Fuzzy Hash: 224109A070D2349BA308AB6FB84243AB798DB857143E4C17FB8048A745DF38B981C66D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                              			E0041E8EC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
                                                                                                                                              				signed int _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				signed int _v16;
                                                                                                                                              				intOrPtr _v20;
                                                                                                                                              				intOrPtr* _t32;
                                                                                                                                              				signed int _t53;
                                                                                                                                              				signed int _t56;
                                                                                                                                              				signed int _t71;
                                                                                                                                              				signed int _t78;
                                                                                                                                              				signed int* _t82;
                                                                                                                                              				signed int _t85;
                                                                                                                                              				void* _t93;
                                                                                                                                              				signed int _t94;
                                                                                                                                              				signed int _t95;
                                                                                                                                              				signed int _t98;
                                                                                                                                              				signed int _t99;
                                                                                                                                              				void* _t105;
                                                                                                                                              				intOrPtr _t106;
                                                                                                                                              				signed int _t109;
                                                                                                                                              				intOrPtr _t116;
                                                                                                                                              				intOrPtr _t117;
                                                                                                                                              				void* _t131;
                                                                                                                                              				void* _t132;
                                                                                                                                              				signed int _t134;
                                                                                                                                              				void* _t136;
                                                                                                                                              				void* _t137;
                                                                                                                                              				void* _t139;
                                                                                                                                              				void* _t140;
                                                                                                                                              				intOrPtr _t141;
                                                                                                                                              				void* _t142;
                                                                                                                                              				long long _t161;
                                                                                                                                              
                                                                                                                                              				_t161 = __fp0;
                                                                                                                                              				_t126 = __edi;
                                                                                                                                              				_t109 = __edx;
                                                                                                                                              				_t139 = _t140;
                                                                                                                                              				_t141 = _t140 + 0xfffffff0;
                                                                                                                                              				_push(__edi);
                                                                                                                                              				_v12 = 0;
                                                                                                                                              				_v8 = __edx;
                                                                                                                                              				_t93 = __eax;
                                                                                                                                              				_push(_t139);
                                                                                                                                              				_push(0x41eb81);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t141;
                                                                                                                                              				_t32 =  *0x4ac590; // 0x4ad8f8
                                                                                                                                              				_t144 =  *_t32;
                                                                                                                                              				if( *_t32 == 0) {
                                                                                                                                              					E0040552C(0x1a);
                                                                                                                                              				}
                                                                                                                                              				E0040665C(E004068E0( *0x4b07e4, 0, _t126), _t109 | 0xffffffff, _t144);
                                                                                                                                              				_push(_t139);
                                                                                                                                              				_push(0x41eb64);
                                                                                                                                              				_push( *[fs:edx]);
                                                                                                                                              				 *[fs:edx] = _t141;
                                                                                                                                              				 *0x4b07dc = 0;
                                                                                                                                              				_push(0);
                                                                                                                                              				E00409F74();
                                                                                                                                              				_t142 = _t141 + 4;
                                                                                                                                              				E0041E154(_t93, 0x41eb9c, 0x100b,  &_v12);
                                                                                                                                              				_t127 = E0041A2E4(0x41eb9c, 1, _t144);
                                                                                                                                              				if(_t127 + 0xfffffffd - 3 >= 0) {
                                                                                                                                              					__eflags = _t127 - 0xffffffffffffffff;
                                                                                                                                              					if(_t127 - 0xffffffffffffffff < 0) {
                                                                                                                                              						 *0x4b07dc = 1;
                                                                                                                                              						_push(1);
                                                                                                                                              						E00409F74();
                                                                                                                                              						_t142 = _t142 + 4;
                                                                                                                                              						E00407DD4( *0x4b07e0, L"B.C.");
                                                                                                                                              						 *((intOrPtr*)( *0x4b07e0 + 4)) = 0;
                                                                                                                                              						_t71 =  *0x4b07e0;
                                                                                                                                              						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
                                                                                                                                              						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
                                                                                                                                              						E0041C2E4(1, 1, 1, __eflags, _t161);
                                                                                                                                              						_v20 = E00405770();
                                                                                                                                              						_v16 = 1;
                                                                                                                                              						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4b07e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E7C4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4b07e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4b07e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E85C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E7C4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4b07e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4b07e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E85C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4b07e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409F74();
				_t53 =  *0x4b07e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416f2c; // 0x416f30
						E00409010( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4b07e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e720; // 0x41e724
				E0040A098(0x4b07e0, _t116);
				_t56 =  *0x4b07e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4b07dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41eb6b);
				return E0040683C( *0x4b07e4, _t105, _t127);
			}

                                                                                                                                              APIs
                                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E990
                                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E7C4,00000000,00000000,00000004), ref: 0041E99B
                                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000003,0041E7C4,00000000,00000000,00000004), ref: 0041E9D0
                                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E85C,00000000,00000000,00000003,0041E7C4,00000000,00000000,00000004), ref: 0041E9DB
                                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041EA6C
                                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E7C4,00000000,00000000,00000004), ref: 0041EA77
                                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000003,0041E7C4,00000000,00000000,00000004), ref: 0041EAAE
                                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E85C,00000000,00000000,00000003,0041E7C4,00000000,00000000,00000004), ref: 0041EAB9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CalendarEnumInfoLocaleThread
                                                                                                                                              • String ID: $A$0oA$B.C.$hpA
                                                                                                                                              • API String ID: 683597275-4049206235
                                                                                                                                              • Opcode ID: 586092908fac795f1ae75f7d09ce9ba69cd4a05a951f472f02cb7e4a83f9f400
                                                                                                                                              • Instruction ID: 31764f9b4395ddee8a33e7efece694c8c2e23c621918c970f88beb3215b81749
                                                                                                                                              • Opcode Fuzzy Hash: 586092908fac795f1ae75f7d09ce9ba69cd4a05a951f472f02cb7e4a83f9f400
                                                                                                                                              • Instruction Fuzzy Hash: 1B61B6746012019FD710DF6ACC81A9AB765FB44354F10867AF911973E5DA38ED81CF9C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E0040A5C4() {
                                                                                                                                              				signed int _t2;
                                                                                                                                              				_Unknown_base(*)()* _t8;
                                                                                                                                              
                                                                                                                                              				InitializeCriticalSection(0x4afc10);
                                                                                                                                              				 *0x4afc28 = 0x7f;
                                                                                                                                              				_t2 = GetVersion() & 0x000000ff;
                                                                                                                                              				 *0x4afc0c = _t2 - 6 >= 0;
                                                                                                                                              				if( *0x4afc0c != 0) {
                                                                                                                                              					 *0x4afc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
                                                                                                                                              					 *0x4afc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
                                                                                                                                              					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
                                                                                                                                              					 *0x4afc08 = _t8;
                                                                                                                                              					return _t8;
                                                                                                                                              				}
                                                                                                                                              				return _t2;
                                                                                                                                              			}






                                                                                                                                              APIs
                                                                                                                                              • InitializeCriticalSection.KERNEL32(004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5C9
                                                                                                                                              • GetVersion.KERNEL32(004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5D7
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A5FE
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A604
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A618
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A61E
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004AFC10,004A7037,00000400,00000000,004A70D7), ref: 0040A632
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A638
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                                                                                              • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                                                                                              • API String ID: 74573329-1403180336
                                                                                                                                              • Opcode ID: 93963328a1992207510c5a143f88d452738f2b7cd2c03137b8683a113ef3510e
                                                                                                                                              • Instruction ID: 77c12324a04305e01794a5ee660b83a9054d5f7758015fb80e29bcc474d3137b
                                                                                                                                              • Opcode Fuzzy Hash: 93963328a1992207510c5a143f88d452738f2b7cd2c03137b8683a113ef3510e
                                                                                                                                              • Instruction Fuzzy Hash: 9AF012A09813453CE6207FF79C0BB181D286A1271AF684C7BB880B62D3CEBE4654971E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                              			E0041E1CC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				char _v24;
                                                                                                                                              				char _v28;
                                                                                                                                              				char _v32;
                                                                                                                                              				char _v36;
                                                                                                                                              				char _v40;
                                                                                                                                              				char _v44;
                                                                                                                                              				char _v48;
                                                                                                                                              				char _v52;
                                                                                                                                              				char _v56;
                                                                                                                                              				char _v60;
                                                                                                                                              				int _t55;
                                                                                                                                              				void* _t121;
                                                                                                                                              				void* _t128;
                                                                                                                                              				void* _t151;
                                                                                                                                              				void* _t152;
                                                                                                                                              				intOrPtr _t172;
                                                                                                                                              				intOrPtr _t204;
                                                                                                                                              				signed short _t212;
                                                                                                                                              				int _t214;
                                                                                                                                              				intOrPtr _t216;
                                                                                                                                              				intOrPtr _t217;
                                                                                                                                              				void* _t224;
                                                                                                                                              
                                                                                                                                              				_t224 = __fp0;
                                                                                                                                              				_t211 = __edi;
                                                                                                                                              				_t216 = _t217;
                                                                                                                                              				_t152 = 7;
                                                                                                                                              				do {
                                                                                                                                              					_push(0);
                                                                                                                                              					_push(0);
                                                                                                                                              					_t152 = _t152 - 1;
                                                                                                                                              				} while (_t152 != 0);
                                                                                                                                              				_push(__edi);
                                                                                                                                              				_t151 = __edx;
                                                                                                                                              				_t214 = __eax;
                                                                                                                                              				_push(_t216);
                                                                                                                                              				_push(0x41e4b1);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t217;
                                                                                                                                              				_t55 = IsValidLocale(__eax, 1);
                                                                                                                                              				_t219 = _t55;
                                                                                                                                              				if(_t55 == 0) {
                                                                                                                                              					_t214 = GetThreadLocale();
                                                                                                                                              				}
                                                                                                                                              				_t172 =  *0x417064; // 0x417068
                                                                                                                                              				E0040A098(_t151 + 0xbc, _t172);
                                                                                                                                              				E0041E8EC(_t214, _t151, _t151, _t211, _t214, _t224);
                                                                                                                                              				E0041E5C0(_t214, _t151, _t151, _t211, _t214);
                                                                                                                                              				E0041E67C(_t214, _t151, _t151, _t211, _t214);
                                                                                                                                              				E0041E154(_t214, 0, 0x14,  &_v20);
                                                                                                                                              				E00407DD4(_t151, _v20);
                                                                                                                                              				E0041E154(_t214, 0x41e4cc, 0x1b,  &_v24);
                                                                                                                                              				 *((char*)(_t151 + 4)) = E0041A2E4(0x41e4cc, 0, _t219);
                                                                                                                                              				E0041E154(_t214, 0x41e4cc, 0x1c,  &_v28);
                                                                                                                                              				 *((char*)(_t151 + 0xc6)) = E0041A2E4(0x41e4cc, 0, _t219);
                                                                                                                                              				 *((short*)(_t151 + 0xc0)) = E0041E1A0(_t214, 0x2c, 0xf);
                                                                                                                                              				 *((short*)(_t151 + 0xc2)) = E0041E1A0(_t214, 0x2e, 0xe);
                                                                                                                                              				E0041E154(_t214, 0x41e4cc, 0x19,  &_v32);
                                                                                                                                              				 *((char*)(_t151 + 5)) = E0041A2E4(0x41e4cc, 0, _t219);
                                                                                                                                              				_t212 = E0041E1A0(_t214, 0x2f, 0x1d);
                                                                                                                                              				 *(_t151 + 6) = _t212;
                                                                                                                                              				_push(_t212);
                                                                                                                                              				E0041EC38(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
                                                                                                                                              				E00407DD4(_t151 + 0xc, _v36);
                                                                                                                                              				_push( *(_t151 + 6) & 0x0000ffff);
                                                                                                                                              				E0041EC38(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
                                                                                                                                              				E00407DD4(_t151 + 0x10, _v40);
                                                                                                                                              				 *((short*)(_t151 + 8)) = E0041E1A0(_t214, 0x3a, 0x1e);
                                                                                                                                              				E0041E154(_t214, 0x41e520, 0x28,  &_v44);
                                                                                                                                              				E00407DD4(_t151 + 0x14, _v44);
                                                                                                                                              				E0041E154(_t214, 0x41e534, 0x29,  &_v48);
                                                                                                                                              				E00407DD4(_t151 + 0x18, _v48);
                                                                                                                                              				E004079F4( &_v12);
                                                                                                                                              				E004079F4( &_v16);
                                                                                                                                              				E0041E154(_t214, 0x41e4cc, 0x25,  &_v52);
                                                                                                                                              				_t121 = E0041A2E4(0x41e4cc, 0, _t219);
                                                                                                                                              				_t220 = _t121;
                                                                                                                                              				if(_t121 != 0) {
                                                                                                                                              					E00407E1C( &_v8, 0x41e558);
                                                                                                                                              				} else {
                                                                                                                                              					E00407E1C( &_v8, 0x41e548);
                                                                                                                                              				}
                                                                                                                                              				E0041E154(_t214, 0x41e4cc, 0x23,  &_v56);
                                                                                                                                              				_t128 = E0041A2E4(0x41e4cc, 0, _t220);
                                                                                                                                              				_t221 = _t128;
                                                                                                                                              				if(_t128 == 0) {
                                                                                                                                              					E0041E154(_t214, 0x41e4cc, 0x1005,  &_v60);
                                                                                                                                              					if(E0041A2E4(0x41e4cc, 0, _t221) != 0) {
                                                                                                                                              						E00407E1C( &_v12, L"AMPM ");
                                                                                                                                              					} else {
                                                                                                                                              						E00407E1C( &_v16, L" AMPM");
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_push(_v12);
                                                                                                                                              				_push(_v8);
                                                                                                                                              				_push(":mm");
                                                                                                                                              				_push(_v16);
                                                                                                                                              				E004087A4(_t151 + 0x1c, _t151, 4, _t212, _t214);
                                                                                                                                              				_push(_v12);
                                                                                                                                              				_push(_v8);
                                                                                                                                              				_push(L":mm:ss");
                                                                                                                                              				_push(_v16);
                                                                                                                                              				E004087A4(_t151 + 0x20, _t151, 4, _t212, _t214);
                                                                                                                                              				 *((short*)(_t151 + 0xa)) = E0041E1A0(_t214, 0x2c, 0xc);
                                                                                                                                              				 *((short*)(_t151 + 0xc4)) = 0x32;
                                                                                                                                              				_pop(_t204);
                                                                                                                                              				 *[fs:eax] = _t204;
                                                                                                                                              				_push(0x41e4b8);
                                                                                                                                              				return E00407A54( &_v60, 0xe);
                                                                                                                                              			}


                                                                                                                                              APIs
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001,00000000,0041E4B1,?,?,?,?,00000000,00000000), ref: 0041E1F3
                                                                                                                                              • GetThreadLocale.KERNEL32(?,00000001,00000000,0041E4B1,?,?,?,?,00000000,00000000), ref: 0041E1FC
                                                                                                                                                • Part of subcall function 0041E1A0: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E2A2,?,00000001,00000000,0041E4B1), ref: 0041E1B3
                                                                                                                                                • Part of subcall function 0041E154: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E172
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$Info$ThreadValid
                                                                                                                                              • String ID: AMPM$2$:mm$:mm:ss$AMPM $hpA$m/d/yy$mmmm d, yyyy
                                                                                                                                              • API String ID: 233154393-3514583240
                                                                                                                                              • Opcode ID: cd2e1eec404eaaf93342958035b3c9dc4f4edd91dbf45419f82dac3ab0a37c82
                                                                                                                                              • Instruction ID: 439dc5afb6c92fd399cedb1891f988b7bb4968893a10f06eaf7ea53368b32677
                                                                                                                                              • Opcode Fuzzy Hash: cd2e1eec404eaaf93342958035b3c9dc4f4edd91dbf45419f82dac3ab0a37c82
                                                                                                                                              • Instruction Fuzzy Hash: D57123387001496BDB05EBA7C881ADE76A6EF88304F50847BF904AB346D63DDD86875E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                              			E0040AB58(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                              				char _v8;
                                                                                                                                              				void* _t18;
                                                                                                                                              				signed short _t28;
                                                                                                                                              				intOrPtr _t35;
                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                              				intOrPtr _t47;
                                                                                                                                              
                                                                                                                                              				_t42 = __edi;
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_push(__esi);
                                                                                                                                              				_t44 = __edx;
                                                                                                                                              				_t28 = __eax;
                                                                                                                                              				_push(_t47);
                                                                                                                                              				_push(0x40ac5c);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t47;
                                                                                                                                              				EnterCriticalSection(0x4afc10);
                                                                                                                                              				if(_t28 !=  *0x4afc28) {
                                                                                                                                              					LeaveCriticalSection(0x4afc10);
                                                                                                                                              					E004079F4(_t44);
                                                                                                                                              					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
                                                                                                                                              						if( *0x4afc0c == 0) {
                                                                                                                                              							_t18 = E0040A840(_t28, _t28, _t44, __edi, _t44);
                                                                                                                                              							L00403738();
                                                                                                                                              							if(_t28 != _t18) {
                                                                                                                                              								if( *_t44 != 0) {
                                                                                                                                              									_t18 = E004086C4(_t44, E0040AC74);
                                                                                                                                              								}
                                                                                                                                              								L00403738();
                                                                                                                                              								E0040A840(_t18, _t28,  &_v8, _t42, _t44);
                                                                                                                                              								E004086C4(_t44, _v8);
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							E0040AA3C(_t28, _t44);
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					EnterCriticalSection(0x4afc10);
                                                                                                                                              					 *0x4afc28 = _t28;
                                                                                                                                              					E0040A6C0(0x4afc2a, E004084C8( *_t44), 0xaa);
                                                                                                                                              					LeaveCriticalSection(0x4afc10);
                                                                                                                                              				} else {
                                                                                                                                              					E0040856C(_t44, 0x55, 0x4afc2a);
                                                                                                                                              					LeaveCriticalSection(0x4afc10);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t35);
                                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                                              				_push(E0040AC63);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}

                                                                                                                                              0x0040ac41
                                                                                                                                              0x0040ab84
                                                                                                                                              0x0040ab90
                                                                                                                                              0x0040ab9a
                                                                                                                                              0x0040ab9a
                                                                                                                                              0x0040ac48
                                                                                                                                              0x0040ac4b
                                                                                                                                              0x0040ac4e
                                                                                                                                              0x0040ac5b

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B,?,?,00000000,00000000,00000000), ref: 0040AB76
                                                                                                                                              • LeaveCriticalSection.KERNEL32(004AFC10,004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B,?,?,00000000,00000000), ref: 0040AB9A
                                                                                                                                              • LeaveCriticalSection.KERNEL32(004AFC10,004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B,?,?,00000000,00000000), ref: 0040ABA9
                                                                                                                                              • IsValidLocale.KERNEL32(00000000,00000002,004AFC10,004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B), ref: 0040ABBB
                                                                                                                                              • EnterCriticalSection.KERNEL32(004AFC10,00000000,00000002,004AFC10,004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B), ref: 0040AC18
                                                                                                                                              • LeaveCriticalSection.KERNEL32(004AFC10,004AFC10,00000000,00000002,004AFC10,004AFC10,00000000,0040AC5C,?,?,?,00000000,?,0040B53C,00000000,0040B59B), ref: 0040AC41
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                                              • String ID: en-US,en,
                                                                                                                                              • API String ID: 975949045-3579323720
                                                                                                                                              • Opcode ID: df8d0f686803062bdab142a1b2de24a95a5c3d65ff11807a0e019821b71cc122
                                                                                                                                              • Instruction ID: 583594d50a991121d5869f76381f812cea75c141c18cde3dbdefc2834495f508
                                                                                                                                              • Opcode Fuzzy Hash: df8d0f686803062bdab142a1b2de24a95a5c3d65ff11807a0e019821b71cc122
                                                                                                                                              • Instruction Fuzzy Hash: 6721016074434477E620BBA78C03B2A2598AB46718FA1883BB540B73D2DE7C8D65836F
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                              			E00422F10(void* __ebx, void* __esi, void* __eflags) {
                                                                                                                                              				char _v8;
                                                                                                                                              				void* _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                              				intOrPtr _t61;
                                                                                                                                              				void* _t68;
                                                                                                                                              
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_v20 = 0;
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_push(_t68);
                                                                                                                                              				_push(0x42300a);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t68 + 0xfffffff0;
                                                                                                                                              				_t21 = E0040E4A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
                                                                                                                                              				if(_t21 == 0) {
                                                                                                                                              					if(E0042004C() != 2) {
                                                                                                                                              						if(E00422EE8(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
                                                                                                                                              							E00422EDC();
                                                                                                                                              							RegCloseKey(_v12);
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						if(E00422EE8(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
                                                                                                                                              							E00422EDC();
                                                                                                                                              							RegCloseKey(_v12);
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					E0040871C( &_v20, _v8, 0x423120);
                                                                                                                                              					E00405900(_v20,  &_v16);
                                                                                                                                              					if(_v16 != 0) {
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					 *_t21();
                                                                                                                                              				}
                                                                                                                                              				_pop(_t61);
                                                                                                                                              				 *[fs:eax] = _t61;
                                                                                                                                              				_push(E00423011);
                                                                                                                                              				E004079F4( &_v20);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}











                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042300A), ref: 00422F37
                                                                                                                                                • Part of subcall function 0040E4A8: GetProcAddress.KERNEL32(?,0B), ref: 0040E4D2
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042300A), ref: 00422F8A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                              • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                                              • API String ID: 4190037839-2401316094
                                                                                                                                              • Opcode ID: dff07c34f93b3e6c39e557406e904af098fa4b2a4b5bb26404aaa7a5872d83d8
                                                                                                                                              • Instruction ID: c5d1680bc85d9fc9140fa9d9073cf59edbb396945b13f7385cf79b6cc5318819
                                                                                                                                              • Opcode Fuzzy Hash: dff07c34f93b3e6c39e557406e904af098fa4b2a4b5bb26404aaa7a5872d83d8
                                                                                                                                              • Instruction Fuzzy Hash: 73217630B00228BBDB50EAA5DE42B9E77B8DB44304F91487BA500E3285DBBC9F01D72D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                              			E0040D554(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                              				long _v8;
                                                                                                                                              				signed int _v12;
                                                                                                                                              				long _v16;
                                                                                                                                              				void* _v20;
                                                                                                                                              				long _v24;
                                                                                                                                              				intOrPtr _v28;
                                                                                                                                              				intOrPtr _v32;
                                                                                                                                              				intOrPtr _v36;
                                                                                                                                              				intOrPtr _v40;
                                                                                                                                              				intOrPtr _v44;
                                                                                                                                              				struct HINSTANCE__** _v48;
                                                                                                                                              				CHAR* _v52;
                                                                                                                                              				void _v56;
                                                                                                                                              				long _v60;
                                                                                                                                              				_Unknown_base(*)()* _v64;
                                                                                                                                              				struct HINSTANCE__* _v68;
                                                                                                                                              				CHAR* _v72;
                                                                                                                                              				signed int _v76;
                                                                                                                                              				CHAR* _v80;
                                                                                                                                              				intOrPtr* _v84;
                                                                                                                                              				void* _v88;
                                                                                                                                              				void _v92;
                                                                                                                                              				signed int _t104;
                                                                                                                                              				signed int _t106;
                                                                                                                                              				signed int _t108;
                                                                                                                                              				long _t113;
                                                                                                                                              				intOrPtr* _t119;
                                                                                                                                              				void* _t124;
                                                                                                                                              				void _t126;
                                                                                                                                              				long _t128;
                                                                                                                                              				struct HINSTANCE__* _t142;
                                                                                                                                              				long _t166;
                                                                                                                                              				signed int* _t190;
                                                                                                                                              				_Unknown_base(*)()* _t191;
                                                                                                                                              				void* _t194;
                                                                                                                                              				intOrPtr _t196;
                                                                                                                                              
                                                                                                                                              				_push(_a4);
                                                                                                                                              				memcpy( &_v56, 0x4a9c40, 8 << 2);
                                                                                                                                              				_pop(_t194);
                                                                                                                                              				_v56 =  *0x4a9c40;
                                                                                                                                              				_v52 = E0040DA04( *0x004A9C44);
                                                                                                                                              				_v48 = E0040DA14( *0x004A9C48);
                                                                                                                                              				_v44 = E0040DA24( *0x004A9C4C);
                                                                                                                                              				_v40 = E0040DA34( *0x004A9C50);
                                                                                                                                              				_v36 = E0040DA34( *0x004A9C54);
                                                                                                                                              				_v32 = E0040DA34( *0x004A9C58);
                                                                                                                                              				_v28 =  *0x004A9C5C;
                                                                                                                                              				memcpy( &_v92, 0x4a9c60, 9 << 2);
                                                                                                                                              				_t196 = _t194;
                                                                                                                                              				_v88 = 0x4a9c60;
                                                                                                                                              				_v84 = _a8;
                                                                                                                                              				_v80 = _v52;
                                                                                                                                              				if((_v56 & 0x00000001) == 0) {
                                                                                                                                              					_t166 =  *0x4a9c84; // 0x0
                                                                                                                                              					_v8 = _t166;
                                                                                                                                              					_v8 =  &_v92;
                                                                                                                                              					RaiseException(0xc06d0057, 0, 1,  &_v8);
                                                                                                                                              					return 0;
                                                                                                                                              				}
                                                                                                                                              				_t104 = _a8 - _v44;
                                                                                                                                              				_t142 =  *_v48;
                                                                                                                                              				if(_t104 < 0) {
                                                                                                                                              					_t104 = _t104 + 3;
                                                                                                                                              				}
                                                                                                                                              				_v12 = _t104 >> 2;
                                                                                                                                              				_t106 = _v12;
                                                                                                                                              				_t190 = (_t106 << 2) + _v40;
                                                                                                                                              				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                                                                                                              				_v76 = _t108;
                                                                                                                                              				if(_t108 == 0) {
                                                                                                                                              					_v72 =  *_t190 & 0x0000ffff;
                                                                                                                                              				} else {
                                                                                                                                              					_v72 = E0040DA44( *_t190) + 2;
                                                                                                                                              				}
                                                                                                                                              				_t191 = 0;
                                                                                                                                              				if( *0x4b0640 == 0) {
                                                                                                                                              					L10:
                                                                                                                                              					if(_t142 != 0) {
                                                                                                                                              						L25:
                                                                                                                                              						_v68 = _t142;
                                                                                                                                              						if( *0x4b0640 != 0) {
                                                                                                                                              							_t191 =  *0x4b0640(2,  &_v92);
                                                                                                                                              						}
                                                                                                                                              						if(_t191 != 0) {
                                                                                                                                              							L36:
                                                                                                                                              							if(_t191 == 0) {
                                                                                                                                              								_v60 = GetLastError();
                                                                                                                                              								if( *0x4b0644 != 0) {
                                                                                                                                              									_t191 =  *0x4b0644(4,  &_v92);
                                                                                                                                              								}
                                                                                                                                              								if(_t191 == 0) {
                                                                                                                                              									_t113 =  *0x4a9c8c; // 0x0
                                                                                                                                              									_v24 = _t113;
                                                                                                                                              									_v24 =  &_v92;
                                                                                                                                              									RaiseException(0xc06d007f, 0, 1,  &_v24);
                                                                                                                                              									_t191 = _v64;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              							goto L41;
                                                                                                                                              						} else {
                                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
                                                                                                                                              								L35:
                                                                                                                                              								_t191 = GetProcAddress(_t142, _v72);
                                                                                                                                              								goto L36;
                                                                                                                                              							} else {
                                                                                                                                              								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
                                                                                                                                              								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
                                                                                                                                              									goto L35;
                                                                                                                                              								} else {
                                                                                                                                              									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
                                                                                                                                              									if(_t191 == 0) {
                                                                                                                                              										goto L35;
                                                                                                                                              									}
                                                                                                                                              									L41:
                                                                                                                                              									 *_a8 = _t191;
                                                                                                                                              									goto L42;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              					if( *0x4b0640 != 0) {
                                                                                                                                              						_t142 =  *0x4b0640(1,  &_v92);
                                                                                                                                              					}
                                                                                                                                              					if(_t142 == 0) {
                                                                                                                                              						_t142 = LoadLibraryA(_v80);
                                                                                                                                              					}
                                                                                                                                              					if(_t142 != 0) {
                                                                                                                                              						L20:
                                                                                                                                              						if(_t142 == E0040CEDC(_v48, _t142)) {
                                                                                                                                              							FreeLibrary(_t142);
                                                                                                                                              						} else {
                                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
                                                                                                                                              								_t124 = LocalAlloc(0x40, 8);
                                                                                                                                              								_v20 = _t124;
                                                                                                                                              								if(_t124 != 0) {
                                                                                                                                              									 *((intOrPtr*)(_v20 + 4)) = _t196;
                                                                                                                                              									_t126 =  *0x4a9c3c; // 0x0
                                                                                                                                              									 *_v20 = _t126;
                                                                                                                                              									 *0x4a9c3c = _v20;
                                                                                                                                              								}
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              						goto L25;
                                                                                                                                              					} else {
                                                                                                                                              						_v60 = GetLastError();
                                                                                                                                              						if( *0x4b0644 != 0) {
                                                                                                                                              							_t142 =  *0x4b0644(3,  &_v92);
                                                                                                                                              						}
                                                                                                                                              						if(_t142 != 0) {
                                                                                                                                              							goto L20;
                                                                                                                                              						} else {
                                                                                                                                              							_t128 =  *0x4a9c88; // 0x0
                                                                                                                                              							_v16 = _t128;
                                                                                                                                              							_v16 =  &_v92;
                                                                                                                                              							RaiseException(0xc06d007e, 0, 1,  &_v16);
                                                                                                                                              							return _v64;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					_t191 =  *0x4b0640(0,  &_v92);
                                                                                                                                              					if(_t191 == 0) {
                                                                                                                                              						goto L10;
                                                                                                                                              					} else {
                                                                                                                                              						L42:
                                                                                                                                              						if( *0x4b0640 != 0) {
                                                                                                                                              							_v60 = 0;
                                                                                                                                              							_v68 = _t142;
                                                                                                                                              							_v64 = _t191;
                                                                                                                                              							 *0x4b0640(5,  &_v92);
                                                                                                                                              						}
                                                                                                                                              						return _t191;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}







































                                                                                                                                              0x0040d778
                                                                                                                                              0x0040d77b
                                                                                                                                              0x0040d783
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d79c
                                                                                                                                              0x0040d7a2
                                                                                                                                              0x0040d7a7
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d801
                                                                                                                                              0x0040d804
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d804
                                                                                                                                              0x0040d783
                                                                                                                                              0x0040d770
                                                                                                                                              0x0040d76a
                                                                                                                                              0x0040d699
                                                                                                                                              0x0040d6a7
                                                                                                                                              0x0040d6a7
                                                                                                                                              0x0040d6ab
                                                                                                                                              0x0040d6b6
                                                                                                                                              0x0040d6b6
                                                                                                                                              0x0040d6ba
                                                                                                                                              0x0040d707
                                                                                                                                              0x0040d713
                                                                                                                                              0x0040d749
                                                                                                                                              0x0040d715
                                                                                                                                              0x0040d719
                                                                                                                                              0x0040d71f
                                                                                                                                              0x0040d724
                                                                                                                                              0x0040d729
                                                                                                                                              0x0040d730
                                                                                                                                              0x0040d736
                                                                                                                                              0x0040d73b
                                                                                                                                              0x0040d740
                                                                                                                                              0x0040d740
                                                                                                                                              0x0040d729
                                                                                                                                              0x0040d719
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d6bc
                                                                                                                                              0x0040d6c1
                                                                                                                                              0x0040d6cb
                                                                                                                                              0x0040d6d9
                                                                                                                                              0x0040d6d9
                                                                                                                                              0x0040d6dd
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d6df
                                                                                                                                              0x0040d6df
                                                                                                                                              0x0040d6e4
                                                                                                                                              0x0040d6ea
                                                                                                                                              0x0040d6fa
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d6ff
                                                                                                                                              0x0040d6dd
                                                                                                                                              0x0040d673
                                                                                                                                              0x0040d67f
                                                                                                                                              0x0040d683
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d685
                                                                                                                                              0x0040d806
                                                                                                                                              0x0040d80d
                                                                                                                                              0x0040d811
                                                                                                                                              0x0040d814
                                                                                                                                              0x0040d817
                                                                                                                                              0x0040d820
                                                                                                                                              0x0040d820
                                                                                                                                              0x00000000
                                                                                                                                              0x0040d826
                                                                                                                                              0x0040d683

                                                                                                                                              APIs
                                                                                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D60C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                              • Opcode ID: bb38534db3716b5c0e8cc02abb66565b7a6061d3ab8a69af711d2669e69f4069
                                                                                                                                              • Instruction ID: c0290ffb1106a5c61d4348b5596b834e5d82be19a22c5125b9ccd60b821c4e33
                                                                                                                                              • Opcode Fuzzy Hash: bb38534db3716b5c0e8cc02abb66565b7a6061d3ab8a69af711d2669e69f4069
                                                                                                                                              • Instruction Fuzzy Hash: 42A13F75E006099FDB14DFE8D885BAEB7B5BB88310F14813AE905B73C0D778A949CB58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                              			E0041F8C0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                              				char _v8;
                                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                                                                                              				short _v558;
                                                                                                                                              				char _v564;
                                                                                                                                              				intOrPtr _v568;
                                                                                                                                              				char _v572;
                                                                                                                                              				char _v576;
                                                                                                                                              				char _v580;
                                                                                                                                              				intOrPtr _v584;
                                                                                                                                              				char _v588;
                                                                                                                                              				void* _v592;
                                                                                                                                              				char _v596;
                                                                                                                                              				char _v600;
                                                                                                                                              				char _v604;
                                                                                                                                              				char _v608;
                                                                                                                                              				intOrPtr _v612;
                                                                                                                                              				char _v616;
                                                                                                                                              				char _v620;
                                                                                                                                              				char _v624;
                                                                                                                                              				void* _v628;
                                                                                                                                              				char _v632;
                                                                                                                                              				void* _t64;
                                                                                                                                              				intOrPtr _t65;
                                                                                                                                              				long _t76;
                                                                                                                                              				intOrPtr _t82;
                                                                                                                                              				intOrPtr _t103;
                                                                                                                                              				intOrPtr _t107;
                                                                                                                                              				intOrPtr _t110;
                                                                                                                                              				intOrPtr _t112;
                                                                                                                                              				intOrPtr _t115;
                                                                                                                                              				intOrPtr _t127;
                                                                                                                                              				void* _t136;
                                                                                                                                              				intOrPtr _t138;
                                                                                                                                              				void* _t141;
                                                                                                                                              				void* _t143;
                                                                                                                                              
                                                                                                                                              				_t136 = __edi;
                                                                                                                                              				_t140 = _t141;
                                                                                                                                              				_v632 = 0;
                                                                                                                                              				_v596 = 0;
                                                                                                                                              				_v604 = 0;
                                                                                                                                              				_v600 = 0;
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_push(_t141);
                                                                                                                                              				_push(0x41fac6);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t141 + 0xfffffd8c;
                                                                                                                                              				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
                                                                                                                                              				_t143 = _t64;
                                                                                                                                              				if(_t143 < 0) {
                                                                                                                                              					_t65 =  *0x4ac798; // 0x40ea20
                                                                                                                                              					E0040CD2C(_t65,  &_v8, _t140);
                                                                                                                                              				} else {
                                                                                                                                              					if(_t143 == 0) {
                                                                                                                                              						_t107 =  *0x4ac670; // 0x40ea28
                                                                                                                                              						E0040CD2C(_t107,  &_v8, _t140);
                                                                                                                                              					} else {
                                                                                                                                              						if(_t64 == 7) {
                                                                                                                                              							_t110 =  *0x4ac4d0; // 0x40ea30
                                                                                                                                              							E0040CD2C(_t110,  &_v8, _t140);
                                                                                                                                              						} else {
                                                                                                                                              							_t112 =  *0x4ac5c8; // 0x40ea38
                                                                                                                                              							E0040CD2C(_t112,  &_v8, _t140);
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
                                                                                                                                              				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
                                                                                                                                              				_t138 = _v36.State;
                                                                                                                                              				if(_t138 == 0x1000 || _t138 == 0x10000) {
                                                                                                                                              					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
                                                                                                                                              					_t147 = _t76;
                                                                                                                                              					if(_t76 == 0) {
                                                                                                                                              						goto L12;
                                                                                                                                              					} else {
                                                                                                                                              						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                                                                                                              						_v588 = 5;
                                                                                                                                              						E0040856C( &_v600, 0x105,  &_v558);
                                                                                                                                              						E0041A538(_v600, _t115,  &_v596, _t136, _t138, _t147);
                                                                                                                                              						_v584 = _v596;
                                                                                                                                              						_v580 = 0x11;
                                                                                                                                              						_v576 = _v8;
                                                                                                                                              						_v572 = 0x11;
                                                                                                                                              						_v568 = _t115;
                                                                                                                                              						_v564 = 5;
                                                                                                                                              						_push( &_v592);
                                                                                                                                              						_t103 =  *0x4ac6e0; // 0x40eb00
                                                                                                                                              						E0040CD2C(_t103,  &_v604, _t140, 3);
                                                                                                                                              						E0041F3C0(_t115, _v604, 1, _t136, _t138);
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					L12:
                                                                                                                                              					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                                                                                                              					_v624 = 5;
                                                                                                                                              					_v620 = _v8;
                                                                                                                                              					_v616 = 0x11;
                                                                                                                                              					_v612 = _t115;
                                                                                                                                              					_v608 = 5;
                                                                                                                                              					_push( &_v628);
                                                                                                                                              					_t82 =  *0x4ac67c; // 0x40e9c8
                                                                                                                                              					E0040CD2C(_t82,  &_v632, _t140, 2);
                                                                                                                                              					E0041F3C0(_t115, _v632, 1, _t136, _t138);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t127);
                                                                                                                                              				 *[fs:eax] = _t127;
                                                                                                                                              				_push(0x41facd);
                                                                                                                                              				E004079F4( &_v632);
                                                                                                                                              				E00407A54( &_v604, 3);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}







































                                                                                                                                              APIs
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041FAC6), ref: 0041F960
                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041FAC6), ref: 0041F98C
                                                                                                                                                • Part of subcall function 0040CD2C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CD71
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                                              • String ID: @$$eA$(@$0@$8@
                                                                                                                                              • API String ID: 902310565-693499950
                                                                                                                                              • Opcode ID: 7e2933c987fcbf8755fa47fa3e752120357f595b88d160efd4e8fe01f8cc19a2
                                                                                                                                              • Instruction ID: 8907c0fdb59343008c76ceb90c3378100399d4465cadcd87230c2457523b253d
                                                                                                                                              • Opcode Fuzzy Hash: 7e2933c987fcbf8755fa47fa3e752120357f595b88d160efd4e8fe01f8cc19a2
                                                                                                                                              • Instruction Fuzzy Hash: 33510574A04659DFDB50EF68CD88BCDBBF4AB48304F0041E6A808A7351D778AE89CF59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                              			E004047B0(int __eax, void* __ecx, void* __edx) {
                                                                                                                                              				long _v12;
                                                                                                                                              				int _t4;
                                                                                                                                              				long _t7;
                                                                                                                                              				void* _t11;
                                                                                                                                              				long _t12;
                                                                                                                                              				void* _t13;
                                                                                                                                              				long _t18;
                                                                                                                                              
                                                                                                                                              				_t4 = __eax;
                                                                                                                                              				_t24 = __edx;
                                                                                                                                              				_t20 = __eax;
                                                                                                                                              				if( *0x4ad058 == 0) {
                                                                                                                                              					_push(0x2010);
                                                                                                                                              					_push(__edx);
                                                                                                                                              					_push(__eax);
                                                                                                                                              					_push(0);
                                                                                                                                              					L00403780();
                                                                                                                                              				} else {
                                                                                                                                              					_t7 = E00407EC4(__edx);
                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
                                                                                                                                              					_t11 =  *0x4a9078; // 0x403920
                                                                                                                                              					_t12 = E00407EC4(_t11);
                                                                                                                                              					_t13 =  *0x4a9078; // 0x403920
                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
                                                                                                                                              					_t18 = E00407EC4(_t20);
                                                                                                                                              					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
                                                                                                                                              				}
                                                                                                                                              				return _t4;
                                                                                                                                              			}











                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite
                                                                                                                                              • String ID: 9@
                                                                                                                                              • API String ID: 3320372497-3209974744
                                                                                                                                              • Opcode ID: 4e270b9709a1e126671c3d07b356aced4a42befb1328ca478adcdb9b8427dfa1
                                                                                                                                              • Instruction ID: 039b6809bffddf7eb8364f6b1d7a8ef426dfe463875095ecbcfdc7d20cb8dc15
                                                                                                                                              • Opcode Fuzzy Hash: 4e270b9709a1e126671c3d07b356aced4a42befb1328ca478adcdb9b8427dfa1
                                                                                                                                              • Instruction Fuzzy Hash: F601FED25091503DE100F7668C85F971E8C8B0973EF10457F7618F31C1C5394D44827E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                              			E0041F214(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                              				char* _v8;
                                                                                                                                              				long _v12;
                                                                                                                                              				short _v140;
                                                                                                                                              				short _v2188;
                                                                                                                                              				void* _t15;
                                                                                                                                              				char* _t17;
                                                                                                                                              				intOrPtr _t19;
                                                                                                                                              				intOrPtr _t30;
                                                                                                                                              				long _t48;
                                                                                                                                              				intOrPtr _t56;
                                                                                                                                              				intOrPtr _t57;
                                                                                                                                              				int _t61;
                                                                                                                                              				void* _t64;
                                                                                                                                              
                                                                                                                                              				_push(__ebx);
                                                                                                                                              				_push(__esi);
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_push(_t64);
                                                                                                                                              				_push(0x41f339);
                                                                                                                                              				_push( *[fs:ecx]);
                                                                                                                                              				 *[fs:ecx] = _t64 + 0xfffff778;
                                                                                                                                              				_t61 = E0041F01C(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
                                                                                                                                              				_t17 =  *0x4ac6c0; // 0x4ad058
                                                                                                                                              				if( *_t17 == 0) {
                                                                                                                                              					_t19 =  *0x4ac4f8; // 0x40ea00
                                                                                                                                              					_t11 = _t19 + 4; // 0xffed
                                                                                                                                              					LoadStringW(E0040A364( *0x4b0634),  *_t11,  &_v140, 0x40);
                                                                                                                                              					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
                                                                                                                                              				} else {
                                                                                                                                              					_t30 =  *0x4ac524; // 0x4ad340
                                                                                                                                              					E00405544(E00405800(_t30));
                                                                                                                                              					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
                                                                                                                                              					_push(_t48);
                                                                                                                                              					E00409F74();
                                                                                                                                              					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), 0x41f354, 2,  &_v12, 0);
                                                                                                                                              				}
                                                                                                                                              				_pop(_t56);
                                                                                                                                              				 *[fs:eax] = _t56;
                                                                                                                                              				_push(0x41f340);
                                                                                                                                              				_t57 =  *0x41f1e4; // 0x41f1e8
                                                                                                                                              				return E0040A098( &_v8, _t57);
                                                                                                                                              			}

















                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041F01C: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F1C8), ref: 0041F04F
                                                                                                                                                • Part of subcall function 0041F01C: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041F073
                                                                                                                                                • Part of subcall function 0041F01C: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041F08E
                                                                                                                                                • Part of subcall function 0041F01C: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F129
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F339), ref: 0041F275
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F2A8
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F2BA
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F2C0
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,0041F354,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F2D4
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,0041F354,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F2DA
                                                                                                                                              • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F2FE
                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F318
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 135118572-0
                                                                                                                                              • Opcode ID: 6de1fb4f568848f1ad312383e8938cc37fb5761b850aa9aff36d0b460632ffaf
                                                                                                                                              • Instruction ID: b395f61791e0df98aef8ec842badcc0ffa5cccf14742596207c1dbdfc5c66452
                                                                                                                                              • Opcode Fuzzy Hash: 6de1fb4f568848f1ad312383e8938cc37fb5761b850aa9aff36d0b460632ffaf
                                                                                                                                              • Instruction Fuzzy Hash: 58319371640208BEE714EB95DC83FEA73ACEB05704F904476BA04F71D1DA746E548B6D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                              			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
                                                                                                                                              				signed int __ebx;
                                                                                                                                              				void* __esi;
                                                                                                                                              				signed int _t69;
                                                                                                                                              				signed int _t78;
                                                                                                                                              				signed int _t93;
                                                                                                                                              				long _t94;
                                                                                                                                              				void* _t100;
                                                                                                                                              				signed int _t102;
                                                                                                                                              				signed int _t109;
                                                                                                                                              				signed int _t115;
                                                                                                                                              				signed int _t123;
                                                                                                                                              				signed int _t129;
                                                                                                                                              				void* _t131;
                                                                                                                                              				signed int _t140;
                                                                                                                                              				unsigned int _t148;
                                                                                                                                              				signed int _t150;
                                                                                                                                              				long _t152;
                                                                                                                                              				signed int _t156;
                                                                                                                                              				intOrPtr _t161;
                                                                                                                                              				signed int _t166;
                                                                                                                                              				signed int _t170;
                                                                                                                                              				unsigned int _t171;
                                                                                                                                              				intOrPtr _t174;
                                                                                                                                              				intOrPtr _t192;
                                                                                                                                              				signed int _t195;
                                                                                                                                              				signed int _t196;
                                                                                                                                              				signed int _t197;
                                                                                                                                              				void* _t205;
                                                                                                                                              				unsigned int _t207;
                                                                                                                                              				intOrPtr _t213;
                                                                                                                                              				void* _t225;
                                                                                                                                              				intOrPtr _t227;
                                                                                                                                              				void* _t228;
                                                                                                                                              				signed int _t230;
                                                                                                                                              				void* _t232;
                                                                                                                                              				signed int _t233;
                                                                                                                                              				signed int _t234;
                                                                                                                                              				signed int _t238;
                                                                                                                                              				signed int _t241;
                                                                                                                                              				void* _t243;
                                                                                                                                              				intOrPtr* _t244;
                                                                                                                                              
                                                                                                                                              				_t176 = __edx;
                                                                                                                                              				_t66 = __eax;
                                                                                                                                              				_t166 =  *(__eax - 4);
                                                                                                                                              				_t217 = __eax;
                                                                                                                                              				if((_t166 & 0x00000007) != 0) {
                                                                                                                                              					__eflags = _t166 & 0x00000005;
                                                                                                                                              					if((_t166 & 0x00000005) != 0) {
                                                                                                                                              						_pop(_t217);
                                                                                                                                              						_pop(_t145);
                                                                                                                                              						__eflags = _t166 & 0x00000003;
                                                                                                                                              						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4ad059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4adae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4adae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4ad989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4adae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4adae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4ad059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4adae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4ad989;
											if(__eflags != 0) {
												continue;
                                                                                                                                              											} else {
                                                                                                                                              												Sleep(0);
                                                                                                                                              												_t174 = _t174;
                                                                                                                                              												asm("lock cmpxchg [0x4adae8], ah");
                                                                                                                                              												if(__eflags != 0) {
                                                                                                                                              													Sleep(0xa);
                                                                                                                                              													_t174 = _t174;
                                                                                                                                              													continue;
                                                                                                                                              												}
                                                                                                                                              											}
                                                                                                                                              											break;
                                                                                                                                              										}
                                                                                                                                              										_t156 = 0x0000000f &  *(_t217 - 4);
                                                                                                                                              										__eflags = 0xf;
                                                                                                                                              									}
                                                                                                                                              									 *(_t217 - 4) = _t156 | _t238;
                                                                                                                                              									_t161 = _t174;
                                                                                                                                              									_t196 =  *(_t205 - 4);
                                                                                                                                              									__eflags = _t196 & 0x00000001;
                                                                                                                                              									if((_t196 & 0x00000001) != 0) {
                                                                                                                                              										_t131 = _t205;
                                                                                                                                              										_t197 = _t196 & 0xfffffff0;
                                                                                                                                              										_t161 = _t161 + _t197;
                                                                                                                                              										_t205 = _t205 + _t197;
                                                                                                                                              										__eflags = _t197 - 0xb30;
                                                                                                                                              										if(_t197 >= 0xb30) {
                                                                                                                                              											E00403AC0(_t131);
                                                                                                                                              										}
                                                                                                                                              									} else {
                                                                                                                                              										 *(_t205 - 4) = _t196 | 0x00000008;
                                                                                                                                              									}
                                                                                                                                              									 *((intOrPtr*)(_t205 - 8)) = _t161;
                                                                                                                                              									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
                                                                                                                                              									__eflags = _t161 - 0xb30;
                                                                                                                                              									if(_t161 >= 0xb30) {
                                                                                                                                              										E00403B00(_t217 + _t238, _t174, _t161);
                                                                                                                                              									}
                                                                                                                                              									 *0x4adae8 = 0;
                                                                                                                                              									return _t217;
                                                                                                                                              								} else {
                                                                                                                                              									__eflags = __edx - 0x2cc;
                                                                                                                                              									if(__edx < 0x2cc) {
                                                                                                                                              										_t213 = __edx;
                                                                                                                                              										_t140 = E00403EE8(__edx);
                                                                                                                                              										__eflags = _t140;
                                                                                                                                              										if(_t140 != 0) {
                                                                                                                                              											_t241 = _t140;
                                                                                                                                              											E00403AA4(_t217, _t213, _t140);
                                                                                                                                              											E0040426C(_t217, _t213, _t241);
                                                                                                                                              											_t140 = _t241;
                                                                                                                                              										}
                                                                                                                                              										return _t140;
                                                                                                                                              									} else {
                                                                                                                                              										_t176 = 0xb2c;
                                                                                                                                              										__eflags = _t171 - 0xb2c;
                                                                                                                                              										if(_t171 <= 0xb2c) {
                                                                                                                                              											goto L37;
                                                                                                                                              										} else {
                                                                                                                                              											goto L41;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							} else {
                                                                                                                                              								L37:
                                                                                                                                              								return _t66;
                                                                                                                                              							}
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					__ebx =  *__ecx;
                                                                                                                                              					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                              					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                              					__eflags = __ecx - __edx;
                                                                                                                                              					if(__ecx < __edx) {
                                                                                                                                              						__ecx = __ecx + __ecx + 0x20;
                                                                                                                                              						_push(__edi);
                                                                                                                                              						__edi = __edx;
                                                                                                                                              						__eax = 0;
                                                                                                                                              						__ecx = __ecx - __edx;
                                                                                                                                              						asm("adc eax, 0xffffffff");
                                                                                                                                              						__eax = 0 & __ecx;
                                                                                                                                              						__eax = (0 & __ecx) + __edx;
                                                                                                                                              						__eax = E00403EE8((0 & __ecx) + __edx);
                                                                                                                                              						__eflags = __eax;
                                                                                                                                              						if(__eax != 0) {
                                                                                                                                              							__eflags = __edi - 0x40a2c;
                                                                                                                                              							if(__edi > 0x40a2c) {
                                                                                                                                              								 *(__eax - 8) = __edi;
                                                                                                                                              							}
                                                                                                                                              							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                              							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                              							__edx = __eax;
                                                                                                                                              							__edi = __eax;
                                                                                                                                              							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
                                                                                                                                              							__eax = __edi;
                                                                                                                                              						}
                                                                                                                                              						_pop(__edi);
                                                                                                                                              						_pop(__esi);
                                                                                                                                              						_pop(__ebx);
                                                                                                                                              						return __eax;
                                                                                                                                              					} else {
                                                                                                                                              						__ebx = 0x40 + __edx * 4;
                                                                                                                                              						__eflags = 0x40 + __edx * 4 - __ecx;
                                                                                                                                              						if(0x40 + __edx * 4 < __ecx) {
                                                                                                                                              							__ebx = __edx;
                                                                                                                                              							__eax = __edx;
                                                                                                                                              							__eax = E00403EE8(__edx);
                                                                                                                                              							__eflags = __eax;
                                                                                                                                              							if(__eax != 0) {
                                                                                                                                              								__ecx = __ebx;
                                                                                                                                              								__edx = __eax;
                                                                                                                                              								__ebx = __eax;
                                                                                                                                              								__esi = E0040426C(__esi, __edi, __ebp);
                                                                                                                                              								__eax = __ebx;
                                                                                                                                              							}
                                                                                                                                              							_pop(__esi);
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return __eax;
                                                                                                                                              						} else {
                                                                                                                                              							_pop(__esi);
                                                                                                                                              							_pop(__ebx);
                                                                                                                                              							return __eax;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}

                                                                                                                                              0x00000000
                                                                                                                                              0x00403e52
                                                                                                                                              0x00403e54
                                                                                                                                              0x00403e57
                                                                                                                                              0x00403e60
                                                                                                                                              0x00403e63
                                                                                                                                              0x00403e63
                                                                                                                                              0x00403e3a
                                                                                                                                              0x00403e0b
                                                                                                                                              0x00403df7
                                                                                                                                              0x00403ee7
                                                                                                                                              0x00404777
                                                                                                                                              0x00404777
                                                                                                                                              0x00404779
                                                                                                                                              0x00404779
                                                                                                                                              0x00404505
                                                                                                                                              0x00404507
                                                                                                                                              0x0040450a
                                                                                                                                              0x0040450b
                                                                                                                                              0x0040450e
                                                                                                                                              0x00404511
                                                                                                                                              0x00404514
                                                                                                                                              0x00404516
                                                                                                                                              0x00404517
                                                                                                                                              0x0040462c
                                                                                                                                              0x0040462f
                                                                                                                                              0x00404631
                                                                                                                                              0x00404724
                                                                                                                                              0x0040472f
                                                                                                                                              0x00404736
                                                                                                                                              0x00404738
                                                                                                                                              0x0040473b
                                                                                                                                              0x00404740
                                                                                                                                              0x00404741
                                                                                                                                              0x00404743
                                                                                                                                              0x00000000
                                                                                                                                              0x00404745
                                                                                                                                              0x00404745
                                                                                                                                              0x0040474b
                                                                                                                                              0x0040474d
                                                                                                                                              0x0040474d
                                                                                                                                              0x00404750
                                                                                                                                              0x00404758
                                                                                                                                              0x0040475f
                                                                                                                                              0x0040476a
                                                                                                                                              0x0040476a
                                                                                                                                              0x00404637
                                                                                                                                              0x00404637
                                                                                                                                              0x0040463a
                                                                                                                                              0x0040463d
                                                                                                                                              0x0040463f
                                                                                                                                              0x00000000
                                                                                                                                              0x00404645
                                                                                                                                              0x00404645
                                                                                                                                              0x0040464c
                                                                                                                                              0x004046a9
                                                                                                                                              0x004046a9
                                                                                                                                              0x004046ae
                                                                                                                                              0x004046b4
                                                                                                                                              0x004046b9
                                                                                                                                              0x004046ba
                                                                                                                                              0x004046ba
                                                                                                                                              0x004046c6
                                                                                                                                              0x004046d7
                                                                                                                                              0x004046dd
                                                                                                                                              0x004046dd
                                                                                                                                              0x004046df
                                                                                                                                              0x004046ec
                                                                                                                                              0x004046f3
                                                                                                                                              0x004046f7
                                                                                                                                              0x004046f9
                                                                                                                                              0x004046ff
                                                                                                                                              0x00404701
                                                                                                                                              0x00404703
                                                                                                                                              0x00404703
                                                                                                                                              0x004046e1
                                                                                                                                              0x004046e1
                                                                                                                                              0x004046e5
                                                                                                                                              0x004046e5
                                                                                                                                              0x00404708
                                                                                                                                              0x00404708
                                                                                                                                              0x0040470a
                                                                                                                                              0x0040470d
                                                                                                                                              0x00404714
                                                                                                                                              0x00404716
                                                                                                                                              0x0040471a
                                                                                                                                              0x0040464e
                                                                                                                                              0x0040464e
                                                                                                                                              0x00404653
                                                                                                                                              0x0040465b
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x0040465d
                                                                                                                                              0x0040465f
                                                                                                                                              0x00404666
                                                                                                                                              0x00000000
                                                                                                                                              0x00404668
                                                                                                                                              0x0040466c
                                                                                                                                              0x00404671
                                                                                                                                              0x00404672
                                                                                                                                              0x00404678
                                                                                                                                              0x00404680
                                                                                                                                              0x00404686
                                                                                                                                              0x0040468b
                                                                                                                                              0x0040468c
                                                                                                                                              0x00000000
                                                                                                                                              0x0040468c
                                                                                                                                              0x00404680
                                                                                                                                              0x00000000
                                                                                                                                              0x00404666
                                                                                                                                              0x00404695
                                                                                                                                              0x00404698
                                                                                                                                              0x0040469b
                                                                                                                                              0x0040469d
                                                                                                                                              0x0040471d
                                                                                                                                              0x0040471d
                                                                                                                                              0x00000000
                                                                                                                                              0x0040469f
                                                                                                                                              0x0040469f
                                                                                                                                              0x004046a2
                                                                                                                                              0x004046a5
                                                                                                                                              0x004046a7
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x004046a7
                                                                                                                                              0x0040469d
                                                                                                                                              0x0040464c
                                                                                                                                              0x0040463f
                                                                                                                                              0x0040451d
                                                                                                                                              0x00404520
                                                                                                                                              0x00404522
                                                                                                                                              0x0040452c
                                                                                                                                              0x00404532
                                                                                                                                              0x00404549
                                                                                                                                              0x00404549
                                                                                                                                              0x00404555
                                                                                                                                              0x0040455b
                                                                                                                                              0x0040455d
                                                                                                                                              0x00404564
                                                                                                                                              0x00404566
                                                                                                                                              0x0040456b
                                                                                                                                              0x00404573
                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00404575
                                                                                                                                              0x00404577
                                                                                                                                              0x0040457e
                                                                                                                                              0x00000000
                                                                                                                                              0x00404580
                                                                                                                                              0x00404583
                                                                                                                                              0x00404588
                                                                                                                                              0x0040458e
                                                                                                                                              0x00404596
                                                                                                                                              0x0040459b
                                                                                                                                              0x004045a0
                                                                                                                                              0x00000000
                                                                                                                                              0x004045a0
                                                                                                                                              0x00404596
                                                                                                                                              0x00000000
                                                                                                                                              0x0040457e
                                                                                                                                              0x004045a9
                                                                                                                                              0x004045a9
                                                                                                                                              0x004045a9
                                                                                                                                              0x004045ae
                                                                                                                                              0x004045b1
                                                                                                                                              0x004045b3
                                                                                                                                              0x004045b6
                                                                                                                                              0x004045b9
                                                                                                                                              0x004045c4
                                                                                                                                              0x004045c6
                                                                                                                                              0x004045c9
                                                                                                                                              0x004045cb
                                                                                                                                              0x004045cd
                                                                                                                                              0x004045d3
                                                                                                                                              0x004045d5
                                                                                                                                              0x004045d5
                                                                                                                                              0x004045bb
                                                                                                                                              0x004045be
                                                                                                                                              0x004045be
                                                                                                                                              0x004045da

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5439aca8df4603b27f37f25116b021730c29e514c4b4e173baf39aeb11cdd27a
                                                                                                                                              • Instruction ID: 0a757bcfe66f4df8a837bb95f72d8b736428374affe9d1eaec42a64222243fb9
                                                                                                                                              • Opcode Fuzzy Hash: 5439aca8df4603b27f37f25116b021730c29e514c4b4e173baf39aeb11cdd27a
                                                                                                                                              • Instruction Fuzzy Hash: 83C115A27106000BD714AE7DDD8476ABA8A9BC5716F18827FF244EB3D6DA7CCD418348
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                              			E0040665C(signed char* __eax, void* __edx, void* __eflags) {
                                                                                                                                              				void* _t49;
                                                                                                                                              				signed char _t56;
                                                                                                                                              				intOrPtr _t57;
                                                                                                                                              				signed char _t59;
                                                                                                                                              				void* _t70;
                                                                                                                                              				signed char* _t71;
                                                                                                                                              				intOrPtr _t72;
                                                                                                                                              				signed char* _t73;
                                                                                                                                              
                                                                                                                                              				_t70 = __edx;
                                                                                                                                              				_t71 = __eax;
                                                                                                                                              				_t72 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                                              				while(1) {
                                                                                                                                              					L1:
                                                                                                                                              					 *_t73 = E00406B04(_t71);
                                                                                                                                              					if( *_t73 != 0 || _t70 == 0) {
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              					_t73[1] = 0;
                                                                                                                                              					if(_t72 <= 0) {
                                                                                                                                              						while(1) {
                                                                                                                                              							L17:
                                                                                                                                              							_t56 =  *_t71;
                                                                                                                                              							if(_t56 == 0) {
                                                                                                                                              								goto L1;
                                                                                                                                              							}
                                                                                                                                              							asm("lock cmpxchg [esi], edx");
                                                                                                                                              							if(_t56 != _t56) {
                                                                                                                                              								continue;
                                                                                                                                              							} else {
                                                                                                                                              								goto L19;
                                                                                                                                              							}
                                                                                                                                              							do {
                                                                                                                                              								L19:
                                                                                                                                              								_t73[4] = GetTickCount();
                                                                                                                                              								E00406860(_t71);
                                                                                                                                              								_t57 =  *0x4ad8f8; // 0x4ab284
                                                                                                                                              								 *((intOrPtr*)(_t57 + 0x10))();
                                                                                                                                              								 *_t73 = 0 == 0;
                                                                                                                                              								if(_t70 != 0xffffffff) {
                                                                                                                                              									_t73[8] = GetTickCount();
                                                                                                                                              									if(_t70 <= _t73[8] - _t73[4]) {
                                                                                                                                              										_t70 = 0;
                                                                                                                                              									} else {
                                                                                                                                              										_t70 = _t70 - _t73[8] - _t73[4];
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              								if( *_t73 == 0) {
                                                                                                                                              									do {
                                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                                              									} while ( *_t71 !=  *_t71);
                                                                                                                                              									_t73[1] = 1;
                                                                                                                                              								} else {
                                                                                                                                              									while(1) {
                                                                                                                                              										_t59 =  *_t71;
                                                                                                                                              										if((_t59 & 0x00000001) != 0) {
                                                                                                                                              											goto L29;
                                                                                                                                              										}
                                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                                              										if(_t59 != _t59) {
                                                                                                                                              											continue;
                                                                                                                                              										}
                                                                                                                                              										_t73[1] = 1;
                                                                                                                                              										goto L29;
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              								L29:
                                                                                                                                              							} while (_t73[1] == 0);
                                                                                                                                              							if( *_t73 != 0) {
                                                                                                                                              								_t71[8] = GetCurrentThreadId();
                                                                                                                                              								_t71[4] = 1;
                                                                                                                                              							}
                                                                                                                                              							goto L32;
                                                                                                                                              						}
                                                                                                                                              						continue;
                                                                                                                                              					}
                                                                                                                                              					_t73[4] = GetTickCount();
                                                                                                                                              					_t73[0xc] = 0;
                                                                                                                                              					if(_t72 <= 0) {
                                                                                                                                              						L13:
                                                                                                                                              						if(_t70 == 0xffffffff) {
                                                                                                                                              							goto L17;
                                                                                                                                              						}
                                                                                                                                              						_t73[8] = GetTickCount();
                                                                                                                                              						_t49 = _t73[8] - _t73[4];
                                                                                                                                              						if(_t70 > _t49) {
                                                                                                                                              							_t70 = _t70 - _t49;
                                                                                                                                              							goto L17;
                                                                                                                                              						}
                                                                                                                                              						 *_t73 = 0;
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              					L5:
                                                                                                                                              					L5:
                                                                                                                                              					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
                                                                                                                                              						goto L8;
                                                                                                                                              					} else {
                                                                                                                                              						 *_t73 = 0;
                                                                                                                                              					}
                                                                                                                                              					break;
                                                                                                                                              					L8:
                                                                                                                                              					if( *_t71 > 1) {
                                                                                                                                              						goto L13;
                                                                                                                                              					}
                                                                                                                                              					if( *_t71 != 0) {
                                                                                                                                              						L12:
                                                                                                                                              						E0040633C( &(_t73[0xc]));
                                                                                                                                              						_t72 = _t72 - 1;
                                                                                                                                              						if(_t72 > 0) {
                                                                                                                                              							goto L5;
                                                                                                                                              						}
                                                                                                                                              						goto L13;
                                                                                                                                              					}
                                                                                                                                              					asm("lock cmpxchg [esi], edx");
                                                                                                                                              					if(0 != 0) {
                                                                                                                                              						goto L12;
                                                                                                                                              					}
                                                                                                                                              					_t71[8] = GetCurrentThreadId();
                                                                                                                                              					_t71[4] = 1;
                                                                                                                                              					 *_t73 = 1;
                                                                                                                                              					break;
                                                                                                                                              				}
                                                                                                                                              				L32:
                                                                                                                                              				return  *_t73 & 0x000000ff;
                                                                                                                                              			}












                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00406B04: GetCurrentThreadId.KERNEL32 ref: 00406B07
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00406693
                                                                                                                                              • GetTickCount.KERNEL32 ref: 004066AB
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004066DA
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00406705
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040673C
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00406766
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004067D6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountTick$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3968769311-0
                                                                                                                                              • Opcode ID: 72bf5cf191fff23eea650aef81e54304f71ab1849b51d2c2f8be95d33ba0f9a3
                                                                                                                                              • Instruction ID: d55af3395c34765ca91144e68d0792783d215dccc41bd3b69e0d2f57a8242420
                                                                                                                                              • Opcode Fuzzy Hash: 72bf5cf191fff23eea650aef81e54304f71ab1849b51d2c2f8be95d33ba0f9a3
                                                                                                                                              • Instruction Fuzzy Hash: C441A0712083418EE721AF7CC44432BBAD5AF84358F16893EE4DA973C1EB7DC8948756
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                              			E004063F8(void* __edx) {
                                                                                                                                              				signed int _v8;
                                                                                                                                              				intOrPtr _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char* _t23;
                                                                                                                                              				intOrPtr _t29;
                                                                                                                                              				intOrPtr _t39;
                                                                                                                                              				void* _t41;
                                                                                                                                              				void* _t43;
                                                                                                                                              				intOrPtr _t44;
                                                                                                                                              
                                                                                                                                              				_t41 = _t43;
                                                                                                                                              				_t44 = _t43 + 0xfffffff4;
                                                                                                                                              				_v16 = 0;
                                                                                                                                              				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
                                                                                                                                              					L10:
                                                                                                                                              					_v8 = 0x40;
                                                                                                                                              					goto L11;
                                                                                                                                              				} else {
                                                                                                                                              					_t23 =  &_v16;
                                                                                                                                              					_push(_t23);
                                                                                                                                              					_push(0);
                                                                                                                                              					L00403808();
                                                                                                                                              					if(_t23 != 0 || GetLastError() != 0x7a) {
                                                                                                                                              						goto L10;
                                                                                                                                              					} else {
                                                                                                                                              						_v12 = E004053F0(_v16);
                                                                                                                                              						_push(_t41);
                                                                                                                                              						_push(E004064A6);
                                                                                                                                              						_push( *[fs:edx]);
                                                                                                                                              						 *[fs:edx] = _t44;
                                                                                                                                              						_push( &_v16);
                                                                                                                                              						_push(_v12);
                                                                                                                                              						L00403808();
                                                                                                                                              						_t29 = _v12;
                                                                                                                                              						if(_v16 <= 0) {
                                                                                                                                              							L8:
                                                                                                                                              							_pop(_t39);
                                                                                                                                              							 *[fs:eax] = _t39;
                                                                                                                                              							_push(E004064AD);
                                                                                                                                              							return E0040540C(_v12);
                                                                                                                                              						} else {
                                                                                                                                              							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
                                                                                                                                              								_t29 = _t29 + 0x18;
                                                                                                                                              								_v16 = _v16 - 0x18;
                                                                                                                                              								if(_v16 > 0) {
                                                                                                                                              									continue;
                                                                                                                                              								} else {
                                                                                                                                              									goto L8;
                                                                                                                                              								}
                                                                                                                                              								goto L12;
                                                                                                                                              							}
                                                                                                                                              							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
                                                                                                                                              							E004071E4();
                                                                                                                                              							L11:
                                                                                                                                              							return _v8;
                                                                                                                                              						}
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				L12:
                                                                                                                                              			}













                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 0040640D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406413
                                                                                                                                              • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040642F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                                              • API String ID: 4275029093-79381301
                                                                                                                                              • Opcode ID: 9a328c14a2360e788c5d7c27423bd1e3d2ec7813e67ce0fbf63762a3592cbdfc
                                                                                                                                              • Instruction ID: 0ade09f5ec255af418c15bc26d56a5e77a61777008c3a3a20ffec8f8ea5cdbb2
                                                                                                                                              • Opcode Fuzzy Hash: 9a328c14a2360e788c5d7c27423bd1e3d2ec7813e67ce0fbf63762a3592cbdfc
                                                                                                                                              • Instruction Fuzzy Hash: 5E115E71D00204BEDB20EFA5D845B6EBBB8DB40715F1180BBF815B36C2D67D9A908A1D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 43%
                                                                                                                                              			E0040768C(void* __ecx) {
                                                                                                                                              				long _v4;
                                                                                                                                              				void* _t3;
                                                                                                                                              				void* _t9;
                                                                                                                                              
                                                                                                                                              				if( *0x4ad058 == 0) {
                                                                                                                                              					if( *0x4a9032 == 0) {
                                                                                                                                              						_push(0);
                                                                                                                                              						_push("Error");
                                                                                                                                              						_push("Runtime error     at 00000000");
                                                                                                                                              						_push(0);
                                                                                                                                              						L00403780();
                                                                                                                                              					}
                                                                                                                                              					return _t3;
                                                                                                                                              				} else {
                                                                                                                                              					if( *0x4ad344 == 0xd7b2 &&  *0x4ad34c > 0) {
                                                                                                                                              						 *0x4ad35c();
                                                                                                                                              					}
                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
                                                                                                                                              					_t9 = E004081CC(0x407720);
                                                                                                                                              					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
                                                                                                                                              				}
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?,0040553F), ref: 004076C5
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?,0040785E,004054DF,00405526,?,?), ref: 004076CB
                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?,?), ref: 004076E6
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407744,?,?), ref: 004076EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite
                                                                                                                                              • String ID: Error$Runtime error at 00000000
                                                                                                                                              • API String ID: 3320372497-2970929446
                                                                                                                                              • Opcode ID: bcadf97d171622b971a48ef55ce44254769ff37e7ce13582472eefcd77e0394f
                                                                                                                                              • Instruction ID: 8e7c00c9dcfef4ecea202c25e54e487df448fc8b33d2ce18683e8ba9e0f24e41
                                                                                                                                              • Opcode Fuzzy Hash: bcadf97d171622b971a48ef55ce44254769ff37e7ce13582472eefcd77e0394f
                                                                                                                                              • Instruction Fuzzy Hash: 8DF0C2E1E8820078EA207BA54C86F5B2A5C4752B2AF10493FF621B56C2C6BD5884872F
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                              			E00429208(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                                                                                              				char _v260;
                                                                                                                                              				char _v768;
                                                                                                                                              				char _v772;
                                                                                                                                              				short* _v776;
                                                                                                                                              				intOrPtr _v780;
                                                                                                                                              				char _v784;
                                                                                                                                              				signed int _v788;
                                                                                                                                              				signed short* _v792;
                                                                                                                                              				char _v796;
                                                                                                                                              				char _v800;
                                                                                                                                              				intOrPtr* _v804;
                                                                                                                                              				signed short* _v808;
                                                                                                                                              				void* __ebp;
                                                                                                                                              				signed char _t55;
                                                                                                                                              				signed int _t64;
                                                                                                                                              				void* _t72;
                                                                                                                                              				intOrPtr* _t83;
                                                                                                                                              				void* _t103;
                                                                                                                                              				void* _t105;
                                                                                                                                              				void* _t108;
                                                                                                                                              				void* _t109;
                                                                                                                                              				intOrPtr* _t118;
                                                                                                                                              				void* _t122;
                                                                                                                                              				intOrPtr _t123;
                                                                                                                                              				char* _t124;
                                                                                                                                              				void* _t125;
                                                                                                                                              
                                                                                                                                              				_t110 = __ecx;
                                                                                                                                              				_v780 = __ecx;
                                                                                                                                              				_v808 = __edx;
                                                                                                                                              				_v776 = __eax;
                                                                                                                                              				if((_v808[0] & 0x00000020) == 0) {
                                                                                                                                              					E00428EC8(0x80070057);
                                                                                                                                              				}
                                                                                                                                              				_t55 =  *_v808 & 0x0000ffff;
                                                                                                                                              				if((_t55 & 0x00000fff) != 0xc) {
                                                                                                                                              					_push(_v808);
                                                                                                                                              					_push(_v776);
                                                                                                                                              					L00427140();
                                                                                                                                              					return E00428EC8(_v776);
                                                                                                                                              				} else {
                                                                                                                                              					if((_t55 & 0x00000040) == 0) {
                                                                                                                                              						_v792 = _v808[4];
                                                                                                                                              					} else {
                                                                                                                                              						_v792 =  *(_v808[4]);
                                                                                                                                              					}
                                                                                                                                              					_v788 =  *_v792 & 0x0000ffff;
                                                                                                                                              					_t103 = _v788 - 1;
                                                                                                                                              					if(_t103 < 0) {
                                                                                                                                              						L9:
                                                                                                                                              						_push( &_v772);
                                                                                                                                              						_t64 = _v788;
                                                                                                                                              						_push(_t64);
                                                                                                                                              						_push(0xc);
                                                                                                                                              						L00427714();
                                                                                                                                              						_t123 = _t64;
                                                                                                                                              						if(_t123 == 0) {
                                                                                                                                              							E00428C20(_t110);
                                                                                                                                              						}
                                                                                                                                              						E00429164(_v776);
                                                                                                                                              						 *_v776 = 0x200c;
                                                                                                                                              						 *((intOrPtr*)(_v776 + 8)) = _t123;
                                                                                                                                              						_t105 = _v788 - 1;
                                                                                                                                              						if(_t105 < 0) {
                                                                                                                                              							L14:
                                                                                                                                              							_t107 = _v788 - 1;
                                                                                                                                              							if(E00429180(_v788 - 1, _t125) != 0) {
                                                                                                                                              								L0042772C();
                                                                                                                                              								E00428EC8(_v792);
                                                                                                                                              								L0042772C();
                                                                                                                                              								E00428EC8( &_v260);
                                                                                                                                              								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                                                              							}
                                                                                                                                              							_t72 = E004291B0(_t107, _t125);
                                                                                                                                              						} else {
                                                                                                                                              							_t108 = _t105 + 1;
                                                                                                                                              							_t83 =  &_v768;
                                                                                                                                              							_t118 =  &_v260;
                                                                                                                                              							do {
                                                                                                                                              								 *_t118 =  *_t83;
                                                                                                                                              								_t118 = _t118 + 4;
                                                                                                                                              								_t83 = _t83 + 8;
                                                                                                                                              								_t108 = _t108 - 1;
                                                                                                                                              							} while (_t108 != 0);
                                                                                                                                              							do {
                                                                                                                                              								goto L14;
                                                                                                                                              							} while (_t72 != 0);
                                                                                                                                              							return _t72;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						_t109 = _t103 + 1;
                                                                                                                                              						_t122 = 0;
                                                                                                                                              						_t124 =  &_v772;
                                                                                                                                              						do {
                                                                                                                                              							_v804 = _t124;
                                                                                                                                              							_push(_v804 + 4);
                                                                                                                                              							_t23 = _t122 + 1; // 0x1
                                                                                                                                              							_push(_v792);
                                                                                                                                              							L0042771C();
                                                                                                                                              							E00428EC8(_v792);
                                                                                                                                              							_push( &_v784);
                                                                                                                                              							_t26 = _t122 + 1; // 0x1
                                                                                                                                              							_push(_v792);
                                                                                                                                              							L00427724();
                                                                                                                                              							E00428EC8(_v792);
                                                                                                                                              							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                                                              							_t122 = _t122 + 1;
                                                                                                                                              							_t124 = _t124 + 8;
                                                                                                                                              							_t109 = _t109 - 1;
                                                                                                                                              						} while (_t109 != 0);
                                                                                                                                              						goto L9;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}






























                                                                                                                                              APIs
                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004292BD
                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004292D9
                                                                                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00429312
                                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0042938F
                                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004293A8
                                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 004293E3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 351091851-0
                                                                                                                                              • Opcode ID: 2794ac47a9dfeb26b88a03ac4d1a853a299fb3d03b0a8c1988b6f7382be60e0b
                                                                                                                                              • Instruction ID: ed5b5572db2c6aea52d03e12d037d8ed927b089f3383118c81215fa9c213cc81
                                                                                                                                              • Opcode Fuzzy Hash: 2794ac47a9dfeb26b88a03ac4d1a853a299fb3d03b0a8c1988b6f7382be60e0b
                                                                                                                                              • Instruction Fuzzy Hash: CC51DA75A012399BCB22DB59DD81BD9B3FCAF4C304F8041DAE508E7251DA34AF818F69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                              			E0041F01C(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
                                                                                                                                              				intOrPtr _v8;
                                                                                                                                              				intOrPtr _v12;
                                                                                                                                              				char _v534;
                                                                                                                                              				short _v1056;
                                                                                                                                              				short _v1568;
                                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v1596;
                                                                                                                                              				char _v1600;
                                                                                                                                              				intOrPtr _v1604;
                                                                                                                                              				char _v1608;
                                                                                                                                              				intOrPtr _v1612;
                                                                                                                                              				char _v1616;
                                                                                                                                              				intOrPtr _v1620;
                                                                                                                                              				char _v1624;
                                                                                                                                              				char* _v1628;
                                                                                                                                              				char _v1632;
                                                                                                                                              				char _v1636;
                                                                                                                                              				char _v1640;
                                                                                                                                              				intOrPtr _t55;
                                                                                                                                              				signed int _t76;
                                                                                                                                              				void* _t82;
                                                                                                                                              				intOrPtr _t83;
                                                                                                                                              				intOrPtr _t95;
                                                                                                                                              				intOrPtr _t98;
                                                                                                                                              				intOrPtr _t100;
                                                                                                                                              				intOrPtr* _t102;
                                                                                                                                              				void* _t105;
                                                                                                                                              
                                                                                                                                              				_v1640 = 0;
                                                                                                                                              				_v8 = __ecx;
                                                                                                                                              				_t82 = __edx;
                                                                                                                                              				_t102 = __eax;
                                                                                                                                              				_push(_t105);
                                                                                                                                              				_push(0x41f1c8);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t105 + 0xfffff99c;
                                                                                                                                              				VirtualQuery(__edx,  &_v1596, 0x1c);
                                                                                                                                              				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
                                                                                                                                              					GetModuleFileNameW( *0x4b0634,  &_v1056, 0x105);
                                                                                                                                              					_v12 = E0041F010(_t82);
                                                                                                                                              				} else {
                                                                                                                                              					_v12 = _t82 - _v1596.AllocationBase;
                                                                                                                                              				}
                                                                                                                                              				E0041A69C( &_v534, 0x104, E004204FC() + 2);
                                                                                                                                              				_t83 = 0x41f1dc;
                                                                                                                                              				_t100 = 0x41f1dc;
                                                                                                                                              				_t95 =  *0x414ecc; // 0x414f24
                                                                                                                                              				if(E00405F48(_t102, _t95) != 0) {
                                                                                                                                              					_t83 = E004084C8( *((intOrPtr*)(_t102 + 4)));
                                                                                                                                              					_t76 = E00407ED8(_t83);
                                                                                                                                              					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
                                                                                                                                              						_t100 = 0x41f1e0;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_t55 =  *0x4ac774; // 0x40e9f8
                                                                                                                                              				_t18 = _t55 + 4; // 0xffec
                                                                                                                                              				LoadStringW(E0040A364( *0x4b0634),  *_t18,  &_v1568, 0x100);
                                                                                                                                              				E00405BC8( *_t102,  &_v1640);
                                                                                                                                              				_v1636 = _v1640;
                                                                                                                                              				_v1632 = 0x11;
                                                                                                                                              				_v1628 =  &_v534;
                                                                                                                                              				_v1624 = 0xa;
                                                                                                                                              				_v1620 = _v12;
                                                                                                                                              				_v1616 = 5;
                                                                                                                                              				_v1612 = _t83;
                                                                                                                                              				_v1608 = 0xa;
                                                                                                                                              				_v1604 = _t100;
                                                                                                                                              				_v1600 = 0xa;
                                                                                                                                              				E0041A934(4,  &_v1636);
                                                                                                                                              				E00407ED8(_v8);
                                                                                                                                              				_pop(_t98);
                                                                                                                                              				 *[fs:eax] = _t98;
                                                                                                                                              				_push(0x41f1cf);
                                                                                                                                              				return E004079F4( &_v1640);
                                                                                                                                              			}






























                                                                                                                                              APIs
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F1C8), ref: 0041F04F
                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041F073
                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041F08E
                                                                                                                                              • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F129
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                              • String ID: $OA
                                                                                                                                              • API String ID: 3990497365-3057587682
                                                                                                                                              • Opcode ID: a96d2beb162df43ddadfc5db31274654c9e37a74e946f5556500ab8d9869eb07
                                                                                                                                              • Instruction ID: d6d88cd0fe853d51226c3c26c9cb5cf48511ec36f022bd765e41d06481bb46b4
                                                                                                                                              • Opcode Fuzzy Hash: a96d2beb162df43ddadfc5db31274654c9e37a74e946f5556500ab8d9869eb07
                                                                                                                                              • Instruction Fuzzy Hash: 92412170A002189FDB20DF69CD81BCABBF9AB59304F4044FAE508E7241D7799E95CF59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                              			E00491188(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                              				char _v5;
                                                                                                                                              				char _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				char _v20;
                                                                                                                                              				void* _t23;
                                                                                                                                              				char _t29;
                                                                                                                                              				void* _t50;
                                                                                                                                              				intOrPtr _t55;
                                                                                                                                              				char _t57;
                                                                                                                                              				intOrPtr _t59;
                                                                                                                                              				void* _t64;
                                                                                                                                              				void* _t66;
                                                                                                                                              				void* _t68;
                                                                                                                                              				void* _t69;
                                                                                                                                              				intOrPtr _t70;
                                                                                                                                              
                                                                                                                                              				_t64 = __edi;
                                                                                                                                              				_t57 = __edx;
                                                                                                                                              				_t50 = __ecx;
                                                                                                                                              				_t68 = _t69;
                                                                                                                                              				_t70 = _t69 + 0xfffffff0;
                                                                                                                                              				_v20 = 0;
                                                                                                                                              				if(__edx != 0) {
                                                                                                                                              					_t70 = _t70 + 0xfffffff0;
                                                                                                                                              					_t23 = E00406284(_t23, _t68);
                                                                                                                                              				}
                                                                                                                                              				_t49 = _t50;
                                                                                                                                              				_v5 = _t57;
                                                                                                                                              				_t66 = _t23;
                                                                                                                                              				_push(_t68);
                                                                                                                                              				_push(0x491281);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t70;
                                                                                                                                              				E00405C98(0);
                                                                                                                                              				_t3 = _t66 + 0x2c; // 0x266461
                                                                                                                                              				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
                                                                                                                                              				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
                                                                                                                                              					_t29 = 0;
                                                                                                                                              				} else {
                                                                                                                                              					_t29 = 1;
                                                                                                                                              				}
                                                                                                                                              				 *((char*)(_t66 + 0xd)) = _t29;
                                                                                                                                              				if( *(_t66 + 0x2c) != 0) {
                                                                                                                                              					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
                                                                                                                                              					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
                                                                                                                                              				} else {
                                                                                                                                              					if(_a4 == 0) {
                                                                                                                                              						_t12 = _t66 + 4; // 0x48f524
                                                                                                                                              						 *((intOrPtr*)(_t66 + 8)) = E004078B4(0, E00491094, 0, _t12, 4, _t66);
                                                                                                                                              					} else {
                                                                                                                                              						_t9 = _t66 + 4; // 0x48f524
                                                                                                                                              						 *((intOrPtr*)(_t66 + 8)) = E004078B4(0, E00491094, _a4, _t9, 0x10004, _t66);
                                                                                                                                              					}
                                                                                                                                              					if( *((intOrPtr*)(_t66 + 8)) == 0) {
                                                                                                                                              						E0041E0D0(GetLastError(), _t49, 0, _t66);
                                                                                                                                              						_v16 = _v20;
                                                                                                                                              						_v12 = 0x11;
                                                                                                                                              						_t55 =  *0x4ac740; // 0x40ed5c
                                                                                                                                              						E0041F47C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
                                                                                                                                              						E004070F0();
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_pop(_t59);
                                                                                                                                              				 *[fs:eax] = _t59;
                                                                                                                                              				_push(0x491288);
                                                                                                                                              				return E004079F4( &_v20);
                                                                                                                                              			}



















                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000000,00491281,?,0048F520,00000000), ref: 00491223
                                                                                                                                                • Part of subcall function 004078B4: CreateThread.KERNEL32 ref: 0040790E
                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0049125B
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00491263
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$Current$CreateErrorLast
                                                                                                                                              • String ID: 87G$\@
                                                                                                                                              • API String ID: 3539746228-2066971451
                                                                                                                                              • Opcode ID: 0c7a064095abbba4d6b7da4e4b0f066ab91424e297beb825eafe8628d3b7bd59
                                                                                                                                              • Instruction ID: cd7bd7be20694b87a1c2bb2b5688f5d4ed930c7c57bb5d88aec25e4adc3e1893
                                                                                                                                              • Opcode Fuzzy Hash: 0c7a064095abbba4d6b7da4e4b0f066ab91424e297beb825eafe8628d3b7bd59
                                                                                                                                              • Instruction Fuzzy Hash: 3A313530904746AEDB20EB72C8417AB7FE4AF09304F40C97FE555E72E1D638A444CB59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 34%
                                                                                                                                              			E004A1754(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				void* _t24;
                                                                                                                                              				intOrPtr _t28;
                                                                                                                                              				void* _t31;
                                                                                                                                              				void* _t32;
                                                                                                                                              				intOrPtr _t35;
                                                                                                                                              
                                                                                                                                              				_t32 = __esi;
                                                                                                                                              				_t31 = __edi;
                                                                                                                                              				_push(0);
                                                                                                                                              				_push(0);
                                                                                                                                              				_t24 = __eax;
                                                                                                                                              				_push(_t35);
                                                                                                                                              				_push(0x4a17de);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                                              				if(( *0x4b36f1 & 0x00000001) == 0) {
                                                                                                                                              					E004079F4( &_v8);
                                                                                                                                              				} else {
                                                                                                                                              					E00407E1C( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
                                                                                                                                              				}
                                                                                                                                              				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup 
type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
                                                                                                                                              				_push(_v8);
                                                                                                                                              				_push(_t24);
                                                                                                                                              				_push(0x4a2a64);
                                                                                                                                              				_push(L"For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline");
                                                                                                                                              				E004087A4( &_v12, _t24, 5, _t31, _t32);
                                                                                                                                              				MessageBoxW(0, E004084C8(_v12), L"Setup", 0x10);
                                                                                                                                              				_pop(_t28);
                                                                                                                                              				 *[fs:eax] = _t28;
                                                                                                                                              				_push(E004A17E5);
                                                                                                                                              				return E00407A54( &_v12, 2);
                                                                                                                                              			}











                                                                                                                                              APIs
                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004A17BE
                                                                                                                                              Strings
                                                                                                                                              • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004A178C
                                                                                                                                              • For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004A179A
                                                                                                                                              • Setup, xrefs: 004A17AE
                                                                                                                                              • /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004A1778
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message
                                                                                                                                              • String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
                                                                                                                                              • API String ID: 2030045667-3658955972
                                                                                                                                              • Opcode ID: a94d50d81a6e2cc3bfa3c026c0632b711f985fbaceea9a46abe21cd4780a8ba2
                                                                                                                                              • Instruction ID: 88dead5f9a7c20edb7beb83f6ba38d9cb82b01f16d90bc6a7ad013ea96492960
                                                                                                                                              • Opcode Fuzzy Hash: a94d50d81a6e2cc3bfa3c026c0632b711f985fbaceea9a46abe21cd4780a8ba2
                                                                                                                                              • Instruction Fuzzy Hash: 8101D638744308BAE311EB91CD43F9AB7ACD756B48F60047BB500B26E1D6FC6E40952D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                              			E0042F6DC(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                              				signed int _v8;
                                                                                                                                              				signed char _v9;
                                                                                                                                              				signed int _v12;
                                                                                                                                              				signed int _v14;
                                                                                                                                              				void* _v20;
                                                                                                                                              				void* _v24;
                                                                                                                                              				signed short* _v28;
                                                                                                                                              				signed short* _v32;
                                                                                                                                              				signed int _v48;
                                                                                                                                              				void* __ebp;
                                                                                                                                              				signed int _t150;
                                                                                                                                              				signed int _t272;
                                                                                                                                              				intOrPtr _t328;
                                                                                                                                              				intOrPtr _t331;
                                                                                                                                              				intOrPtr _t339;
                                                                                                                                              				intOrPtr _t347;
                                                                                                                                              				intOrPtr _t355;
                                                                                                                                              				void* _t361;
                                                                                                                                              				void* _t363;
                                                                                                                                              				intOrPtr _t364;
                                                                                                                                              
                                                                                                                                              				_t368 = __fp0;
                                                                                                                                              				_t358 = __edi;
                                                                                                                                              				_t361 = _t363;
                                                                                                                                              				_t364 = _t363 + 0xffffffd4;
                                                                                                                                              				_v8 = __ecx;
                                                                                                                                              				_v32 = __edx;
                                                                                                                                              				_v28 = __eax;
                                                                                                                                              				_v9 = 1;
                                                                                                                                              				_t272 =  *_v28 & 0x0000ffff;
                                                                                                                                              				if((_t272 & 0x00000fff) >= 0x10f) {
                                                                                                                                              					_t150 =  *_v32 & 0x0000ffff;
                                                                                                                                              					if(_t150 != 0) {
                                                                                                                                              						if(_t150 != 1) {
                                                                                                                                              							if(E00430584(_t272,  &_v20) != 0) {
                                                                                                                                              								_push( &_v14);
                                                                                                                                              								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
                                                                                                                                              									_t275 =  *_v32 & 0x0000ffff;
                                                                                                                                              									if(( *_v32 & 0xfff) >= 0x10f) {
                                                                                                                                              										if(E00430584(_t275,  &_v24) != 0) {
                                                                                                                                              											_push( &_v12);
                                                                                                                                              											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
                                                                                                                                              												E00428ADC(0xb);
                                                                                                                                              												goto L41;
                                                                                                                                              											} else {
                                                                                                                                              												if(( *_v28 & 0x0000ffff) == _v12) {
                                                                                                                                              													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              													_v9 =  *(0x4ab3d2 + _v8 * 2 + _t143) & 0x000000ff;
                                                                                                                                              													goto L41;
                                                                                                                                              												} else {
                                                                                                                                              													_push( &_v48);
                                                                                                                                              													L00427130();
                                                                                                                                              													_push(_t361);
                                                                                                                                              													_push(0x42fad4);
                                                                                                                                              													_push( *[fs:eax]);
                                                                                                                                              													 *[fs:eax] = _t364;
                                                                                                                                              													_t289 = _v12 & 0x0000ffff;
                                                                                                                                              													E00429890( &_v48, _v12 & 0x0000ffff, _v28, __edi, __esi, __fp0);
                                                                                                                                              													if((_v48 & 0x0000ffff) != _v12) {
                                                                                                                                              														E004289E4(_t289);
                                                                                                                                              													}
                                                                                                                                              													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              													_v9 =  *(0x4ab3d2 + _v8 * 2 + _t131) & 0x000000ff;
                                                                                                                                              													_pop(_t328);
                                                                                                                                              													 *[fs:eax] = _t328;
                                                                                                                                              													_push(0x42fb09);
                                                                                                                                              													return E00429164( &_v48);
                                                                                                                                              												}
                                                                                                                                              											}
                                                                                                                                              										} else {
                                                                                                                                              											E00428ADC(0xb);
                                                                                                                                              											goto L41;
                                                                                                                                              										}
                                                                                                                                              									} else {
                                                                                                                                              										_push( &_v48);
                                                                                                                                              										L00427130();
                                                                                                                                              										_push(_t361);
                                                                                                                                              										_push(0x42fa1b);
                                                                                                                                              										_push( *[fs:eax]);
                                                                                                                                              										 *[fs:eax] = _t364;
                                                                                                                                              										_t294 =  *_v32 & 0x0000ffff;
                                                                                                                                              										E00429890( &_v48,  *_v32 & 0x0000ffff, _v28, __edi, __esi, __fp0);
                                                                                                                                              										if(( *_v32 & 0x0000ffff) != _v48) {
                                                                                                                                              											E004289E4(_t294);
                                                                                                                                              										}
                                                                                                                                              										_v9 = E0042F4F4( &_v48, _v8, _v32, _t358, _t361, _t368);
                                                                                                                                              										_pop(_t331);
                                                                                                                                              										 *[fs:eax] = _t331;
                                                                                                                                              										_push(0x42fb09);
                                                                                                                                              										return E00429164( &_v48);
                                                                                                                                              									}
                                                                                                                                              								} else {
                                                                                                                                              									if(( *_v32 & 0x0000ffff) == _v14) {
                                                                                                                                              										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              										_v9 =  *(0x4ab3d2 + _v8 * 2 + _t95) & 0x000000ff;
                                                                                                                                              										goto L41;
                                                                                                                                              									} else {
                                                                                                                                              										_push( &_v48);
                                                                                                                                              										L00427130();
                                                                                                                                              										_push(_t361);
                                                                                                                                              										_push(0x42f976);
                                                                                                                                              										_push( *[fs:eax]);
                                                                                                                                              										 *[fs:eax] = _t364;
                                                                                                                                              										_t299 = _v14 & 0x0000ffff;
                                                                                                                                              										E00429890( &_v48, _v14 & 0x0000ffff, _v32, __edi, __esi, __fp0);
                                                                                                                                              										if((_v48 & 0x0000ffff) != _v14) {
                                                                                                                                              											E004289E4(_t299);
                                                                                                                                              										}
                                                                                                                                              										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              										_v9 =  *(0x4ab3d2 + _v8 * 2 + _t83) & 0x000000ff;
                                                                                                                                              										_pop(_t339);
                                                                                                                                              										 *[fs:eax] = _t339;
                                                                                                                                              										_push(0x42fb09);
                                                                                                                                              										return E00429164( &_v48);
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							} else {
                                                                                                                                              								E00428ADC(__ecx);
                                                                                                                                              								goto L41;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_v9 = E0042F274(_v8, 2);
                                                                                                                                              							goto L41;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						_v9 = E0042F260(0, 1);
                                                                                                                                              						goto L41;
                                                                                                                                              					}
                                                                                                                                              				} else {
                                                                                                                                              					if(_t272 != 0) {
                                                                                                                                              						if(_t272 != 1) {
                                                                                                                                              							if(E00430584( *_v32 & 0x0000ffff,  &_v24) != 0) {
                                                                                                                                              								_push( &_v12);
                                                                                                                                              								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
                                                                                                                                              									_push( &_v48);
                                                                                                                                              									L00427130();
                                                                                                                                              									_push(_t361);
                                                                                                                                              									_push(0x42f887);
                                                                                                                                              									_push( *[fs:eax]);
                                                                                                                                              									 *[fs:eax] = _t364;
                                                                                                                                              									_t306 =  *_v28 & 0x0000ffff;
                                                                                                                                              									E00429890( &_v48,  *_v28 & 0x0000ffff, _v32, __edi, __esi, __fp0);
                                                                                                                                              									if((_v48 & 0xfff) !=  *_v28) {
                                                                                                                                              										E004289E4(_t306);
                                                                                                                                              									}
                                                                                                                                              									_v9 = E0042F4F4(_v28, _v8,  &_v48, _t358, _t361, _t368);
                                                                                                                                              									_pop(_t347);
                                                                                                                                              									 *[fs:eax] = _t347;
                                                                                                                                              									_push(0x42fb09);
                                                                                                                                              									return E00429164( &_v48);
                                                                                                                                              								} else {
                                                                                                                                              									if(( *_v28 & 0x0000ffff) == _v12) {
                                                                                                                                              										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              										_v9 =  *(0x4ab3d2 + _v8 * 2 + _t44) & 0x000000ff;
                                                                                                                                              										goto L41;
                                                                                                                                              									} else {
                                                                                                                                              										_push( &_v48);
                                                                                                                                              										L00427130();
                                                                                                                                              										_push(_t361);
                                                                                                                                              										_push(0x42f7f0);
                                                                                                                                              										_push( *[fs:eax]);
                                                                                                                                              										 *[fs:eax] = _t364;
                                                                                                                                              										_t311 = _v12 & 0x0000ffff;
                                                                                                                                              										E00429890( &_v48, _v12 & 0x0000ffff, _v28, __edi, __esi, __fp0);
                                                                                                                                              										if((_v48 & 0xfff) != _v12) {
                                                                                                                                              											E004289E4(_t311);
                                                                                                                                              										}
                                                                                                                                              										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                                              										_v9 =  *(0x4ab3d2 + _v8 * 2 + _t32) & 0x000000ff;
                                                                                                                                              										_pop(_t355);
                                                                                                                                              										 *[fs:eax] = _t355;
                                                                                                                                              										_push(0x42fb09);
                                                                                                                                              										return E00429164( &_v48);
                                                                                                                                              									}
                                                                                                                                              								}
                                                                                                                                              							} else {
                                                                                                                                              								E00428ADC(__ecx);
                                                                                                                                              								goto L41;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_v9 = E0042F274(_v8, 0);
                                                                                                                                              							goto L41;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						_v9 = E0042F260(1, 0);
                                                                                                                                              						L41:
                                                                                                                                              						return _v9 & 0x000000ff;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              			}
























                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 74738e14bd11834c42270b1f526ff37a822d84726435ceec5f4335d4c6c5fa18
                                                                                                                                              • Instruction ID: 66614a77be29197391dbf0046290447a78b6802db73ccca8e639b69c8d9a2377
                                                                                                                                              • Opcode Fuzzy Hash: 74738e14bd11834c42270b1f526ff37a822d84726435ceec5f4335d4c6c5fa18
                                                                                                                                              • Instruction Fuzzy Hash: 8AD16F74F002199FCF00DBA5D4928FEBBB5EF49300BD084BBE840A7351D638A949DB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                              			E00422D94(void* __eax, void* __ebx, char __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8) {
                                                                                                                                              				char _v8;
                                                                                                                                              				short* _v12;
                                                                                                                                              				char _v16;
                                                                                                                                              				int _v20;
                                                                                                                                              				int _v24;
                                                                                                                                              				signed int _t58;
                                                                                                                                              				char _t66;
                                                                                                                                              				intOrPtr _t82;
                                                                                                                                              				void* _t87;
                                                                                                                                              				signed int _t93;
                                                                                                                                              				void* _t96;
                                                                                                                                              
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_v16 = __ecx;
                                                                                                                                              				_v12 = __edx;
                                                                                                                                              				_t87 = __eax;
                                                                                                                                              				_push(_t96);
                                                                                                                                              				_push(0x422eca);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t96 + 0xffffffec;
                                                                                                                                              				while(1) {
                                                                                                                                              					_v24 = 0;
                                                                                                                                              					if(RegQueryValueExW(_t87, _v12, 0,  &_v20, 0,  &_v24) != 0) {
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              					_t9 =  &_a8; // 0x42300a
                                                                                                                                              					if(_v20 ==  *_t9 || _v20 == _a4) {
                                                                                                                                              						if(_v24 != 0) {
                                                                                                                                              							__eflags = _v24 - 0x70000000;
                                                                                                                                              							if(__eflags >= 0) {
                                                                                                                                              								E0041F378();
                                                                                                                                              							}
                                                                                                                                              							_t80 = _v24 + 1 >> 1;
                                                                                                                                              							E00407B7C( &_v8, _v24 + 1 >> 1, 0, __eflags);
                                                                                                                                              							_t58 = RegQueryValueExW(_t87, _v12, 0,  &_v20, E00407F74( &_v8),  &_v24);
                                                                                                                                              							__eflags = _t58 - 0xea;
                                                                                                                                              							if(_t58 == 0xea) {
                                                                                                                                              								continue;
                                                                                                                                              							} else {
                                                                                                                                              								__eflags = _t58;
                                                                                                                                              								if(_t58 != 0) {
                                                                                                                                              									break;
                                                                                                                                              								}
                                                                                                                                              								_t22 =  &_a8; // 0x42300a
                                                                                                                                              								__eflags = _v20 -  *_t22;
                                                                                                                                              								if(_v20 ==  *_t22) {
                                                                                                                                              									L12:
                                                                                                                                              									_t93 = _v24 >> 1;
                                                                                                                                              									while(1) {
                                                                                                                                              										__eflags = _t93;
                                                                                                                                              										if(_t93 == 0) {
                                                                                                                                              											break;
                                                                                                                                              										}
                                                                                                                                              										_t66 = _v8;
                                                                                                                                              										__eflags =  *((short*)(_t66 + _t93 * 2 - 2));
                                                                                                                                              										if( *((short*)(_t66 + _t93 * 2 - 2)) == 0) {
                                                                                                                                              											_t93 = _t93 - 1;
                                                                                                                                              											__eflags = _t93;
                                                                                                                                              											continue;
                                                                                                                                              										}
                                                                                                                                              										break;
                                                                                                                                              									}
                                                                                                                                              									__eflags = _v20 - 7;
                                                                                                                                              									if(_v20 == 7) {
                                                                                                                                              										__eflags = _t93;
                                                                                                                                              										if(_t93 != 0) {
                                                                                                                                              											_t93 = _t93 + 1;
                                                                                                                                              											__eflags = _t93;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              									E00408644( &_v8, _t80, _t93);
                                                                                                                                              									__eflags = _v20 - 7;
                                                                                                                                              									if(_v20 == 7) {
                                                                                                                                              										__eflags = _t93;
                                                                                                                                              										if(_t93 != 0) {
                                                                                                                                              											(E00407F74( &_v8))[_t93 * 2 - 2] = 0;
                                                                                                                                              										}
                                                                                                                                              									}
                                                                                                                                              									_t37 =  &_v16; // 0x42300a
                                                                                                                                              									E00407DD4( *_t37, _v8);
                                                                                                                                              									break;
                                                                                                                                              								}
                                                                                                                                              								__eflags = _v20 - _a4;
                                                                                                                                              								if(_v20 != _a4) {
                                                                                                                                              									break;
                                                                                                                                              								}
                                                                                                                                              								goto L12;
                                                                                                                                              							}
                                                                                                                                              						} else {
                                                                                                                                              							_t13 =  &_v16; // 0x42300a
                                                                                                                                              							E004079F4( *_t13);
                                                                                                                                              							break;
                                                                                                                                              						}
                                                                                                                                              					} else {
                                                                                                                                              						break;
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_pop(_t82);
                                                                                                                                              				 *[fs:eax] = _t82;
                                                                                                                                              				_push(E00422ED1);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}














                                                                                                                                              0x00000000
                                                                                                                                              0x00000000
                                                                                                                                              0x00422de3
                                                                                                                                              0x00422eb6
                                                                                                                                              0x00422eb9
                                                                                                                                              0x00422ebc
                                                                                                                                              0x00422ec9

                                                                                                                                              APIs
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00422ECA,?,004A136C,00000000), ref: 00422DD0
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00422ECA,?,004A136C), ref: 00422E3E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: QueryValue
                                                                                                                                              • String ID: 0B$0B
                                                                                                                                              • API String ID: 3660427363-2047223620
                                                                                                                                              • Opcode ID: 85ea2ee95df027a8257bc04a9519c47954d8331ee6ef31d063f3570c986b0507
                                                                                                                                              • Instruction ID: 98124c36cd85d2e56ec74749d84b118a58c0a5b819721e5426fed98b2f6fb40a
                                                                                                                                              • Opcode Fuzzy Hash: 85ea2ee95df027a8257bc04a9519c47954d8331ee6ef31d063f3570c986b0507
                                                                                                                                              • Instruction Fuzzy Hash: AE414F31A00229BBDB14DB95DA81ABFB3B8FF14700F91446AE800B7290D778AE41D799
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                              			E0041C8B0(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                                                                                              				char _v8;
                                                                                                                                              				short _v18;
                                                                                                                                              				short _v22;
                                                                                                                                              				struct _SYSTEMTIME _v24;
                                                                                                                                              				short _v536;
                                                                                                                                              				short* _t32;
                                                                                                                                              				intOrPtr* _t47;
                                                                                                                                              				intOrPtr _t56;
                                                                                                                                              				void* _t61;
                                                                                                                                              				intOrPtr _t63;
                                                                                                                                              				void* _t67;
                                                                                                                                              
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_t47 = __edx;
                                                                                                                                              				_t61 = __eax;
                                                                                                                                              				_push(_t67);
                                                                                                                                              				_push(0x41c993);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t67 + 0xfffffdec;
                                                                                                                                              				E004079F4(__edx);
                                                                                                                                              				_v24 =  *(_a4 - 2) & 0x0000ffff;
                                                                                                                                              				_v22 =  *(_a4 - 4) & 0x0000ffff;
                                                                                                                                              				_v18 =  *(_a4 - 6) & 0x0000ffff;
                                                                                                                                              				if(_t61 > 2) {
                                                                                                                                              					E00407E1C( &_v8, L"yyyy");
                                                                                                                                              				} else {
                                                                                                                                              					E00407E1C( &_v8, 0x41c9ac);
                                                                                                                                              				}
                                                                                                                                              				_t32 = E004084C8(_v8);
                                                                                                                                              				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
                                                                                                                                              					E0040856C(_t47, 0x100,  &_v536);
                                                                                                                                              					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
                                                                                                                                              						_t63 =  *_t47;
                                                                                                                                              						if(_t63 != 0) {
                                                                                                                                              							_t63 =  *((intOrPtr*)(_t63 - 4));
                                                                                                                                              						}
                                                                                                                                              						E0040888C( *_t47, _t63 - 1, 2, _t47);
                                                                                                                                              					}
                                                                                                                                              				}
                                                                                                                                              				_pop(_t56);
                                                                                                                                              				 *[fs:eax] = _t56;
                                                                                                                                              				_push(0x41c99a);
                                                                                                                                              				return E004079F4( &_v8);
                                                                                                                                              			}















                                                                                                                                              APIs
                                                                                                                                              • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C993), ref: 0041C936
                                                                                                                                              • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C993), ref: 0041C93C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DateFormatLocaleThread
                                                                                                                                              • String ID: $yyyy
                                                                                                                                              • API String ID: 3303714858-404527807
                                                                                                                                              • Opcode ID: df7dc0c0cfe83e2716fada29b3ec226a844ef90c6556877d7290f236e844f23c
                                                                                                                                              • Instruction ID: 7872b70f8d9c9f4bf3ec9f73f967c83ea165cdf14193664953d7fcc649099f55
                                                                                                                                              • Opcode Fuzzy Hash: df7dc0c0cfe83e2716fada29b3ec226a844ef90c6556877d7290f236e844f23c
                                                                                                                                              • Instruction Fuzzy Hash: C8218371A502189BDB10EF55CD82AAEB3B8EF08740F5044BAF844E7291D6389E40C7AA
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                              			E0040AA3C(signed short __eax, void* __edx) {
                                                                                                                                              				char _v8;
                                                                                                                                              				char _v12;
                                                                                                                                              				intOrPtr _v16;
                                                                                                                                              				signed int _v20;
                                                                                                                                              				short _v22;
                                                                                                                                              				short _v24;
                                                                                                                                              				char _v26;
                                                                                                                                              				char _v32;
                                                                                                                                              				void* __ebp;
                                                                                                                                              				void* _t39;
                                                                                                                                              				void* _t55;
                                                                                                                                              				void* _t59;
                                                                                                                                              				short* _t62;
                                                                                                                                              				signed short _t66;
                                                                                                                                              				void* _t67;
                                                                                                                                              				void* _t68;
                                                                                                                                              				signed short _t79;
                                                                                                                                              				void* _t81;
                                                                                                                                              
                                                                                                                                              				_t81 = __edx;
                                                                                                                                              				_t66 = __eax;
                                                                                                                                              				_v16 = 0;
                                                                                                                                              				if(__eax !=  *0x4afc08()) {
                                                                                                                                              					_v16 = E0040A9F8( &_v8);
                                                                                                                                              					_t79 = _t66;
                                                                                                                                              					_v20 = 3;
                                                                                                                                              					_t62 =  &_v26;
                                                                                                                                              					do {
                                                                                                                                              						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                                                                                                              						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                                                                                                              						_v20 = _v20 - 1;
                                                                                                                                              						_t62 = _t62 - 2;
                                                                                                                                              					} while (_v20 != 0xffffffff);
                                                                                                                                              					_v24 = 0;
                                                                                                                                              					_v22 = 0;
                                                                                                                                              					 *0x4afc04(4,  &_v32,  &_v20);
                                                                                                                                              				}
                                                                                                                                              				_t39 = E0040A9F8( &_v12);
                                                                                                                                              				_t67 = _t39;
                                                                                                                                              				if(_t67 != 0) {
                                                                                                                                              					_t55 = _v12 - 2;
                                                                                                                                              					if(_t55 >= 0) {
                                                                                                                                              						_t59 = _t55 + 1;
                                                                                                                                              						_v20 = 0;
                                                                                                                                              						do {
                                                                                                                                              							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                                                                                                              								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                                                                                                              							}
                                                                                                                                              							_v20 = _v20 + 1;
                                                                                                                                              							_t59 = _t59 - 1;
                                                                                                                                              						} while (_t59 != 0);
                                                                                                                                              					}
                                                                                                                                              					E00408530(_t81, _t67);
                                                                                                                                              					_t39 = E0040540C(_t67);
                                                                                                                                              				}
                                                                                                                                              				if(_v16 != 0) {
                                                                                                                                              					 *0x4afc04(0, 0,  &_v20);
                                                                                                                                              					_t68 = E0040A9F8( &_v12);
                                                                                                                                              					if(_v8 != _v12 || E0040A9D4(_v16, _v12, _t68) != 0) {
                                                                                                                                              						 *0x4afc04(8, _v16,  &_v20);
                                                                                                                                              					}
                                                                                                                                              					E0040540C(_t68);
                                                                                                                                              					return E0040540C(_v16);
                                                                                                                                              				}
                                                                                                                                              				return _t39;
                                                                                                                                              			}






















                                                                                                                                              APIs
                                                                                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040AA4D
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040AAAB
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040AB08
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040AB3B
                                                                                                                                                • Part of subcall function 0040A9F8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040AAB9), ref: 0040AA0F
                                                                                                                                                • Part of subcall function 0040A9F8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040AAB9), ref: 0040AA2C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2255706666-0
                                                                                                                                              • Opcode ID: cd06836042f7dc8c715063394acf5e4e52feefd8764bcfa4f6b7f58fc5ac6852
                                                                                                                                              • Instruction ID: b1904a49824afe99751246d4952eda1d7de773daf142b1b34e0f1b3e25ee96c1
                                                                                                                                              • Opcode Fuzzy Hash: cd06836042f7dc8c715063394acf5e4e52feefd8764bcfa4f6b7f58fc5ac6852
                                                                                                                                              • Instruction Fuzzy Hash: 07317A70A0021A9BDB10EBE9C885AAFB7B8FF04304F40427AE911F72D1DB789E45CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                              			E0040E4A8(void* __ebx, void* __esi, struct HINSTANCE__* _a4, char _a8) {
                                                                                                                                              				char _v8;
                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                              				CHAR* _t31;
                                                                                                                                              				intOrPtr _t38;
                                                                                                                                              				intOrPtr _t39;
                                                                                                                                              				struct HINSTANCE__* _t41;
                                                                                                                                              				void* _t43;
                                                                                                                                              				void* _t44;
                                                                                                                                              				intOrPtr _t45;
                                                                                                                                              
                                                                                                                                              				_t43 = _t44;
                                                                                                                                              				_t45 = _t44 + 0xfffffff8;
                                                                                                                                              				_v8 = 0;
                                                                                                                                              				_t2 =  &_a8; // 0x42300a
                                                                                                                                              				_t31 =  *_t2;
                                                                                                                                              				_t41 = _a4;
                                                                                                                                              				_push(_t43);
                                                                                                                                              				_push(0x40e546);
                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                              				 *[fs:eax] = _t45;
                                                                                                                                              				if(_t31 >> 0x10 != 0) {
                                                                                                                                              					_push(_t43);
                                                                                                                                              					 *[fs:eax] = _t45;
                                                                                                                                              					E00407A18( &_v8);
                                                                                                                                              					E00408104( &_v8, 0, _t31,  *[fs:eax]);
                                                                                                                                              					_v12 = GetProcAddress(_t41, E004081CC(_v8));
                                                                                                                                              					_t38 = 0x40e529;
                                                                                                                                              					 *[fs:eax] = _t38;
                                                                                                                                              					_push(E0040E530);
                                                                                                                                              					return E00407A18( &_v8);
                                                                                                                                              				} else {
                                                                                                                                              					_v12 = GetProcAddress(_t41, _t31);
                                                                                                                                              					_pop(_t39);
                                                                                                                                              					 *[fs:eax] = _t39;
                                                                                                                                              					_push(E0040E54D);
                                                                                                                                              					return E00407A18( &_v8);
                                                                                                                                              				}
                                                                                                                                              			}













                                                                                                                                              APIs
                                                                                                                                              • GetProcAddress.KERNEL32(?,0B), ref: 0040E4D2
                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 0040E50B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc
                                                                                                                                              • String ID: 0B
                                                                                                                                              • API String ID: 190572456-3041020555
                                                                                                                                              • Opcode ID: 73c9e18d93592e43fe666bfe4bf432486626273dc5cba755a9ef1ec8c293c77a
                                                                                                                                              • Instruction ID: 64ac29280dfebcd60019ca95f25d34e387ec400068b91dc547cac48b7599c2c3
                                                                                                                                              • Opcode Fuzzy Hash: 73c9e18d93592e43fe666bfe4bf432486626273dc5cba755a9ef1ec8c293c77a
                                                                                                                                              • Instruction Fuzzy Hash: 6D117770614608BFE701DF62DC5295EB7ACDB49718BA14C7BF404F26C1E63C5F109559
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                              			E00421B7C(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                              				struct _cpinfo _v24;
                                                                                                                                              				void* __ebp;
                                                                                                                                              				void* _t14;
                                                                                                                                              				struct _cpinfo _t20;
                                                                                                                                              				void* _t23;
                                                                                                                                              				void* _t29;
                                                                                                                                              				int _t30;
                                                                                                                                              				intOrPtr _t31;
                                                                                                                                              				void* _t32;
                                                                                                                                              				void* _t34;
                                                                                                                                              				void* _t35;
                                                                                                                                              				void* _t36;
                                                                                                                                              				int _t40;
                                                                                                                                              
                                                                                                                                              				_t32 = __edx;
                                                                                                                                              				_t30 = __ecx;
                                                                                                                                              				if(__edx != 0) {
                                                                                                                                              					_t36 = _t36 + 0xfffffff0;
                                                                                                                                              					_t14 = E00406284(_t14, _t35);
                                                                                                                                              				}
                                                                                                                                              				_t29 = _t32;
                                                                                                                                              				_t34 = _t14;
                                                                                                                                              				if(_t30 != 0) {
                                                                                                                                              					 *(_t34 + 0xc) = _t30;
                                                                                                                                              				} else {
                                                                                                                                              					 *(_t34 + 0xc) = GetACP();
                                                                                                                                              				}
                                                                                                                                              				 *((intOrPtr*)(_t34 + 0x10)) = _a8;
                                                                                                                                              				 *((intOrPtr*)(_t34 + 0x14)) = _a4;
                                                                                                                                              				_t40 = GetCPInfo( *(_t34 + 0xc),  &_v24);
                                                                                                                                              				if(_t40 == 0) {
                                                                                                                                              					_t31 =  *0x4ac694; // 0x40ec78
                                                                                                                                              					E0041F440(_t31, 1);
                                                                                                                                              					E004070F0();
                                                                                                                                              				}
                                                                                                                                              				_t20 = _v24;
                                                                                                                                              				 *(_t34 + 8) = _t20;
                                                                                                                                              				 *((char*)(_t34 + 4)) = _t20 - 0x00000001 & 0xffffff00 | _t40 == 0x00000000;
                                                                                                                                              				_t23 = _t34;
                                                                                                                                              				if(_t29 != 0) {
                                                                                                                                              					E004062DC(_t23);
                                                                                                                                              					_pop( *[fs:0x0]);
                                                                                                                                              				}
                                                                                                                                              				return _t34;
                                                                                                                                              			}

















                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info
                                                                                                                                              • String ID: x@
                                                                                                                                              • API String ID: 1807457897-1747526965
                                                                                                                                              • Opcode ID: cf44248a1c658bdd47b36df632dd9645ef3597e39912394a14df77dcb10368e0
                                                                                                                                              • Instruction ID: 462749be72c426496f1a41d89de2effdbae1b1a2d75a6ab79572deab56c71eea
                                                                                                                                              • Opcode Fuzzy Hash: cf44248a1c658bdd47b36df632dd9645ef3597e39912394a14df77dcb10368e0
                                                                                                                                              • Instruction Fuzzy Hash: 9C012631A006008FC320EF6AE881957BBF89F14358700853FFC49C7752E639E9008BA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00422EE8(void* __eax, short* __ecx, void* __edx, void** _a4, char _a8, int _a12) {
                                                                                                                                              				short* _t8;
                                                                                                                                              				void* _t9;
                                                                                                                                              				int _t10;
                                                                                                                                              
                                                                                                                                              				_t9 = __edx;
                                                                                                                                              				_t8 = __ecx;
                                                                                                                                              				_t1 =  &_a8; // 0x42300a
                                                                                                                                              				_t10 =  *_t1;
                                                                                                                                              				if(__eax == 2) {
                                                                                                                                              					_t10 = _t10 | 0x00000100;
                                                                                                                                              				}
                                                                                                                                              				return RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4);
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,0B,?,00000000,?,00422FAA,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042300A), ref: 00422F04
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Open
                                                                                                                                              • String ID: 0B$Control Panel\Desktop\ResourceLocale
                                                                                                                                              • API String ID: 71445658-3141456704
                                                                                                                                              • Opcode ID: 3b69ebcaa1c44acc297296391af532f1a488bbb5d67ca1580915a5ac9ed8a3b1
                                                                                                                                              • Instruction ID: 754d8ca44475c60336da28a52261fe1ed214884b621adf6beb20dea320f59cf5
                                                                                                                                              • Opcode Fuzzy Hash: 3b69ebcaa1c44acc297296391af532f1a488bbb5d67ca1580915a5ac9ed8a3b1
                                                                                                                                              • Instruction Fuzzy Hash: ABD092729102287BAB109A89DC41DFB7B9DAB19360F41852AFD4497200C2B4AC519BE8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                              			E00420ACC() {
                                                                                                                                              				void* __ebx;
                                                                                                                                              				struct HINSTANCE__* _t1;
                                                                                                                                              				void* _t4;
                                                                                                                                              
                                                                                                                                              				_t1 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                              				_t3 = _t1;
                                                                                                                                              				if(_t1 != 0) {
                                                                                                                                              					_t1 = E0040E4A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
                                                                                                                                              					 *0x4a9e30 = _t1;
                                                                                                                                              				}
                                                                                                                                              				if( *0x4a9e30 == 0) {
                                                                                                                                              					 *0x4a9e30 = E0041A5FC;
                                                                                                                                              					return E0041A5FC;
                                                                                                                                              				}
                                                                                                                                              				return _t1;
                                                                                                                                              			}







                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,00420BA8,00000000,00420BC0,?,?,00420B5D), ref: 00420AD2
                                                                                                                                                • Part of subcall function 0040E4A8: GetProcAddress.KERNEL32(?,0B), ref: 0040E4D2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.688372706.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.688192874.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691670800.00000000004A9000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691693676.00000000004B2000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691725785.00000000004B6000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000005.00000002.691735483.00000000004B8000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                                                                                              • API String ID: 1646373207-1127948838
                                                                                                                                              • Opcode ID: d3fba4843dc8b289438757c69ca8191ca322e81c70d910c138525665c107990f
                                                                                                                                              • Instruction ID: 4be4f1343aa80eda7f8312904a91226add29b11054fd17f8baa2da6a23536271
                                                                                                                                              • Opcode Fuzzy Hash: d3fba4843dc8b289438757c69ca8191ca322e81c70d910c138525665c107990f
                                                                                                                                              • Instruction Fuzzy Hash: 71D05EB03203115FE710DBE5A8C1B5B2ECAA307319F80043BA40065293C7BD9C50C71C
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 12.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.5%
Total number of Nodes: 1944
Total number of Limit Nodes: 92

Graph

24607->24244 24608->24245 24609->24250 25453 62dc10 24610->25453 24612 62dd68 24612->24251 24613->24254 24615 46dc30 24614->24615 24616 46dc59 24615->24616 24617 46dc3e UnregisterClassW 24615->24617 24618 46dc4f RegisterClassW 24615->24618 24628 412e9c 24616->24628 24617->24618 24618->24616 24620 46dc87 24621 46dca4 24620->24621 24632 46da64 24620->24632 24621->24273 24621->24274 24623 46dc9b SetWindowLongW 24623->24621 24624->24270 24626->24273 24627->24273 24635 405988 24628->24635 24630 412eaf CreateWindowExW 24631 412ee9 24630->24631 24631->24620 24633 46da74 VirtualAlloc 24632->24633 24634 46daa2 24632->24634 24633->24634 24634->24623 24635->24630 24668 5a3918 24636->24668 24639 5a41d0 24641 5a3918 13 API calls 24639->24641 24643 5a421d 24639->24643 24642 5a41e0 24641->24642 24644 5a41ec 24642->24644 24646 5a343c 13 API calls 24642->24646 24645 5a2f64 13 API calls 24643->24645 24644->24643 24679 4272ec 24644->24679 24648 5a4227 24645->24648 24646->24644 24649 5a2b40 12 API calls 24648->24649 24653 5a4232 24649->24653 24651 5a4212 24651->24643 24683 5a3fec GetWindowsDirectoryW 24651->24683 24655 408aec 12 API calls 24653->24655 24654 5a3918 13 API calls 24656 5a4206 24654->24656 24657 5a423c 24655->24657 24656->24651 24658 5a343c 13 API calls 24656->24658 24659 40876c 12 API calls 24657->24659 24658->24651 24660 5a4256 24659->24660 24660->24285 24662 5a33c4 13 API calls 24661->24662 24663 5a345a 24662->24663 24663->24294 24665 5f43f2 24664->24665 24666 5f4988 112 API calls 24665->24666 24667 5f4463 24666->24667 24667->24280 24669 40993c 12 API calls 24668->24669 24671 5a392b 24669->24671 24670 5a3946 GetEnvironmentVariableW 24670->24671 24672 5a3952 24670->24672 24671->24670 24675 5a3959 24671->24675 24685 5a4388 12 API calls 24671->24685 24673 40870c 12 API calls 24672->24673 24673->24675 24675->24639 24676 5a343c 24675->24676 24686 5a33c4 24676->24686 24680 4272f5 24679->24680 24681 4272fa 24679->24681 24692 42729c 48 API calls 24680->24692 24681->24651 
24681->24654 24684 5a400d 24683->24684 24684->24643 24685->24671 24687 5a3318 12 API calls 24686->24687 24688 5a33e4 24687->24688 24689 5a33ec GetFileAttributesW 24688->24689 24690 40870c 12 API calls 24689->24690 24691 5a3409 24690->24691 24691->24639 24692->24681 24693->24306 24694->24314 24696 409ab2 24695->24696 24697 409b37 24696->24697 24698 40993c 12 API calls 24696->24698 24699 409aed 24696->24699 24697->24697 24698->24699 24699->24697 24700 408aec 12 API calls 24699->24700 24700->24697 24702 5eb926 24701->24702 24703 5eb912 24701->24703 24706 5eb92d 24702->24706 24707 5eb989 24702->24707 24704 5eb97b 24703->24704 24705 5eb914 24703->24705 24712 408aec 12 API calls 24704->24712 24708 5eb91b 24705->24708 24709 5eb943 24705->24709 24710 5eb997 24706->24710 24711 5eb930 24706->24711 24713 408aec 12 API calls 24707->24713 24714 5eb91e 24708->24714 24715 5eb951 24708->24715 24717 408aec 12 API calls 24709->24717 24718 408aec 12 API calls 24710->24718 24716 5eb937 24711->24716 24727 5eb924 24711->24727 24723 5eb941 24712->24723 24713->24723 24720 5eb95f 24714->24720 24721 5eb921 24714->24721 24724 408aec 12 API calls 24715->24724 24729 5eb6a0 12 API calls 24716->24729 24717->24723 24718->24723 24719 421bbc 105 API calls 24719->24723 24725 408aec 12 API calls 24720->24725 24726 5eb96d 24721->24726 24721->24727 24723->24337 24724->24723 24725->24723 24728 408aec 12 API calls 24726->24728 24727->24719 24728->24723 24729->24723 24746 5ebe9c 24730->24746 24731 5a41a0 52 API calls 24731->24746 24733 5ebedb CreateDirectoryW 24734 5ebf57 24733->24734 24735 5ebee5 GetLastError 24733->24735 24736 408aec 12 API calls 24734->24736 24735->24746 24737 5ebf61 24736->24737 24739 40876c 12 API calls 24737->24739 24740 5ebf7b 24739->24740 24742 40876c 12 API calls 24740->24742 24743 5ebf88 24742->24743 24743->24345 24744 5a5138 13 API calls 24744->24746 24746->24731 24746->24733 24746->24744 24767 5ebbfc 24746->24767 24787 5ab66c 12 API calls 24746->24787 24788 4207c8 12 API calls 
24746->24788 24789 5ab63c 12 API calls 24746->24789 24790 4265dc 12 API calls 24746->24790 24791 407e08 12 API calls 24746->24791 24750 60d9dd 24749->24750 24751 60d9cf 24749->24751 24753 40870c 12 API calls 24750->24753 24752 408aec 12 API calls 24751->24752 24754 60d9db 24752->24754 24755 60d9e4 24753->24755 24754->24362 24755->24362 24818 45f9b4 24756->24818 24758 636ecc 24822 636dc8 24758->24822 24760 636ee7 24760->24377 24761->24351 24762->24363 24763->24366 24764->24379 24765->24381 24768 5ebc20 24767->24768 24769 5a2b40 12 API calls 24768->24769 24770 5ebc39 24769->24770 24771 408b34 12 API calls 24770->24771 24778 5ebc44 24771->24778 24773 5a3318 12 API calls 24773->24778 24774 409a9c 12 API calls 24774->24778 24778->24773 24778->24774 24779 5ebcc0 24778->24779 24792 5ebb84 24778->24792 24800 5eabb8 24778->24800 24808 5ab66c 12 API calls 24778->24808 24809 4265dc 12 API calls 24778->24809 24810 407e08 12 API calls 24778->24810 24781 408aec 12 API calls 24779->24781 24782 5ebccb 24781->24782 24783 40876c 12 API calls 24782->24783 24784 5ebce5 24783->24784 24785 40876c 12 API calls 24784->24785 24786 5ebcf2 24785->24786 24786->24746 24787->24746 24788->24746 24789->24746 24790->24746 24793 40870c 12 API calls 24792->24793 24794 5ebba5 24793->24794 24797 5ebbd6 24794->24797 24811 4097e8 24794->24811 24814 409c88 24794->24814 24798 40870c 12 API calls 24797->24798 24799 5ebbeb 24798->24799 24799->24778 24801 5ea8ec 2 API calls 24800->24801 24802 5eabce 24801->24802 24803 5eabd2 24802->24803 24804 5a3450 13 API calls 24802->24804 24803->24778 24805 5eabed GetLastError 24804->24805 24806 5ea928 Wow64RevertWow64FsRedirection 24805->24806 24807 5eac0d 24806->24807 24807->24778 24808->24778 24809->24778 24812 408894 12 API calls 24811->24812 24813 4097f5 24812->24813 24813->24794 24815 409c9d 24814->24815 24816 40993c 12 API calls 24815->24816 24817 409cf2 24815->24817 24816->24817 24817->24794 24819 45f9be 24818->24819 24829 45faac FindResourceW 24819->24829 24821 
45f9ee 24821->24758 24841 45f484 24822->24841 24824 636dfd 24825 40876c 12 API calls 24824->24825 24826 636e97 24825->24826 24827 40870c 12 API calls 24826->24827 24828 636e9f 24827->24828 24828->24760 24830 45fad1 24829->24830 24831 45fad8 LoadResource 24829->24831 24839 45fa0c 105 API calls 24830->24839 24833 45faf2 SizeofResource LockResource 24831->24833 24834 45faeb 24831->24834 24837 45fb10 24833->24837 24840 45fa0c 105 API calls 24834->24840 24835 45fad7 24835->24831 24837->24821 24838 45faf1 24838->24833 24839->24835 24840->24838 24844 45f14c 24841->24844 24843 45f49e 24843->24824 24845 45f155 24844->24845 24848 45f190 24845->24848 24847 45f171 24847->24843 24849 45f1ab 24848->24849 24850 45f256 24849->24850 24851 45f1d8 24849->24851 24883 420e40 CreateFileW 24850->24883 24875 420e98 24851->24875 24854 45f260 24855 45f254 24854->24855 24884 421294 14 API calls 24854->24884 24858 408aec 12 API calls 24855->24858 24857 45f1f5 24857->24855 24879 421294 14 API calls 24857->24879 24861 45f2c5 24858->24861 24859 45f27b GetLastError 24885 425328 14 API calls 24859->24885 24864 40876c 12 API calls 24861->24864 24863 45f214 GetLastError 24880 425328 14 API calls 24863->24880 24867 45f2df 24864->24867 24865 45f294 24886 4266d4 105 API calls 24865->24886 24867->24847 24869 45f22d 24881 4266d4 105 API calls 24869->24881 24870 45f2b6 24887 407e08 12 API calls 24870->24887 24873 45f24f 24882 407e08 12 API calls 24873->24882 24876 420ee6 24875->24876 24877 420eae 24875->24877 24876->24857 24878 420ee0 CreateFileW 24877->24878 24878->24876 24879->24863 24880->24869 24881->24873 24883->24854 24884->24859 24885->24865 24886->24870 24889 5a4039 24888->24889 24889->24390 24891 40870c 12 API calls 24890->24891 24892 5a4054 GetModuleHandleW 24891->24892 24893 412174 14 API calls 24892->24893 24894 5a4069 24893->24894 24894->24394 24896 5a410b GetVersion 24895->24896 24897 5a4147 24895->24897 24896->24897 24899 5a411b 24896->24899 24898 40870c 12 API calls 24897->24898 24901 
5a414e 24898->24901 24900 5a4018 GetSystemDirectoryW 24899->24900 24902 5a4123 24900->24902 24903 40876c 12 API calls 24901->24903 24904 5a2b40 12 API calls 24902->24904 24905 5a4168 24903->24905 24906 5a412e 24904->24906 24905->24399 24934 4099bc 24906->24934 24908 5a413b 24909 5a2f64 13 API calls 24908->24909 24910 5a4145 24909->24910 24910->24901 24947 5a45d0 24911->24947 24913 636786 24914 63678a 24913->24914 24915 6367ac 24913->24915 24950 5a44f8 24914->24950 24916 40870c 12 API calls 24915->24916 24918 6367b3 24916->24918 24918->24416 24920 6367a1 RegCloseKey 24920->24918 24921 40870c 12 API calls 24921->24920 24923 63681e 24922->24923 24924 5a45d0 RegOpenKeyExW 24923->24924 24925 636846 24924->24925 24926 636877 24925->24926 24927 5a44f8 14 API calls 24925->24927 24926->24456 24928 63685c 24927->24928 24929 5a44f8 14 API calls 24928->24929 24930 63686e RegCloseKey 24929->24930 24930->24926 24931->24413 24932->24446 24933->24439 24935 409a0b 24934->24935 24936 4099c0 24934->24936 24935->24908 24937 4099ca 24936->24937 24943 408aec 24936->24943 24937->24935 24938 409a00 24937->24938 24939 4099e5 24937->24939 24942 40993c 12 API calls 24938->24942 24941 40993c 12 API calls 24939->24941 24940 408b30 24940->24908 24945 4099ea 24941->24945 24942->24945 24943->24940 24946 4054ac 12 API calls 24943->24946 24945->24908 24946->24940 24948 5a45db 24947->24948 24949 5a45e1 RegOpenKeyExW 24947->24949 24948->24949 24949->24913 24953 5a43b0 24950->24953 24954 5a43d6 RegQueryValueExW 24953->24954 24955 5a441b 24954->24955 24962 5a43f9 24954->24962 24956 40870c 12 API calls 24955->24956 24958 5a44e5 24956->24958 24957 5a4413 24959 40870c 12 API calls 24957->24959 24958->24920 24958->24921 24959->24955 24961 408894 12 API calls 24961->24962 24962->24955 24962->24957 24962->24961 24971 408cb8 24962->24971 24975 4265d0 12 API calls 24962->24975 24965 5a446a 24965->24955 24966 40993c 12 API calls 24965->24966 24967 5a44aa 24966->24967 24968 5a44bc 24967->24968 24970 408cb8 12 
API calls 24967->24970 24969 408aec 12 API calls 24968->24969 24969->24955 24970->24968 24973 408c30 24971->24973 24972 408c6b RegQueryValueExW 24972->24954 24972->24965 24973->24972 24976 4054ac 12 API calls 24973->24976 24975->24962 24976->24972 24985 5ea394 24977->24985 24979 5ea465 24979->24471 24979->24472 24981 4097c0 24980->24981 24982 4285c4 LoadLibraryW 24981->24982 24982->24484 24983->24487 24984->24493 24986 4097c0 24985->24986 24987 5ea3b1 GetFileVersionInfoSizeW 24986->24987 24988 5ea3bf 24987->24988 24989 5ea432 24987->24989 24991 5ea3c6 GetFileVersionInfoW 24988->24991 24990 4272ec 48 API calls 24989->24990 24992 5ea437 24990->24992 24993 5ea3ea VerQueryValueW 24991->24993 24994 5ea404 24991->24994 24997 5ea444 24992->24997 25000 5ea1b8 108 API calls 24992->25000 24993->24994 24999 4054ac 12 API calls 24994->24999 24997->24979 24998 5ea42a 24998->24979 24999->24998 25000->24997 25002 62dd8b 25001->25002 25021 62da00 25002->25021 25005 62ddb6 25007 62ddd7 25005->25007 25053 62ccd0 12 API calls 25005->25053 25006 62decb 25010 62ded8 25006->25010 25056 62cce8 105 API calls 25006->25056 25033 6077d4 25007->25033 25010->24501 25012 62dde6 25012->25010 25040 62cf78 25012->25040 25016 62de40 25054 62cd7c 105 API calls 25016->25054 25019 62de71 25055 5bc42c 113 API calls 25019->25055 25020 62deb5 25020->24501 25057 5c917c 25021->25057 25023 62db60 25024 62db77 25023->25024 25026 5b58e8 12 API calls 25023->25026 25025 40876c 12 API calls 25024->25025 25027 62db94 25025->25027 25026->25024 25028 408730 12 API calls 25027->25028 25029 62db9c 25028->25029 25029->25005 25029->25006 25031 62da3c 25031->25023 25062 5d3a7c 12 API calls 25031->25062 25063 5b58e8 25031->25063 25073 5c93fc 25033->25073 25035 6077e3 25036 5c93fc 12 API calls 25035->25036 25037 607805 25036->25037 25038 5c93fc 12 API calls 25037->25038 25039 607827 25038->25039 25039->25012 25041 62d0cf 25040->25041 25045 62cf92 25040->25045 25049 62d144 25041->25049 25044 5b58e8 12 API calls 
25044->25045 25045->25041 25045->25044 25046 408aec 12 API calls 25045->25046 25047 408b88 12 API calls 25045->25047 25078 4086ec SysAllocStringLen SysFreeString SysReAllocStringLen 25045->25078 25079 4265dc 12 API calls 25045->25079 25080 407e08 12 API calls 25045->25080 25046->25045 25047->25045 25050 62d161 25049->25050 25051 5b58e8 12 API calls 25050->25051 25052 62d171 25051->25052 25052->25016 25053->25007 25054->25019 25055->25020 25056->25010 25067 5b5b74 25057->25067 25059 5c91a7 25060 408730 12 API calls 25059->25060 25061 5c922d 25060->25061 25061->25031 25062->25031 25064 5b58f6 25063->25064 25065 5b5934 25064->25065 25072 5b5874 12 API calls 25064->25072 25065->25031 25068 408b88 12 API calls 25067->25068 25070 5b5b84 25068->25070 25069 5b5bbe 25069->25059 25070->25069 25071 408cc0 12 API calls 25070->25071 25071->25070 25072->25065 25074 5b5b74 12 API calls 25073->25074 25075 5c9426 25074->25075 25076 408730 12 API calls 25075->25076 25077 5c9478 25076->25077 25077->25035 25078->25045 25079->25045 25082 6062e9 25081->25082 25107 5ae94c 25082->25107 25084 60630d 25111 5aed7c 25084->25111 25086 606320 25125 4d104c 119 API calls 25086->25125 25088 606345 25126 4f06c4 25088->25126 25090 60635c 25131 4d5ca4 114 API calls 25090->25131 25092 60636c 25132 4d1820 25092->25132 25094 606379 25136 4d5ca4 114 API calls 25094->25136 25096 6063df 25097 606420 25096->25097 25099 409a9c 12 API calls 25096->25099 25098 4f06c4 12 API calls 25097->25098 25100 606441 25098->25100 25101 606412 25099->25101 25103 40870c 12 API calls 25100->25103 25102 4f06c4 12 API calls 25101->25102 25102->25097 25104 606456 25103->25104 25105 6064c8 12 API calls 25104->25105 25105->24509 25106->24512 25108 5ae955 25107->25108 25137 58b834 25108->25137 25110 5ae987 25110->25084 25314 5ac498 25111->25314 25115 5aedc6 25116 5aeebd 25115->25116 25345 5af3cc 105 API calls 25115->25345 25116->25086 25118 5aedf0 25346 5ae864 105 API calls 25118->25346 25120 5aee0c 25347 5ac6fc 109 API calls 
25120->25347 25122 5aee2e MulDiv MulDiv 25124 5aee86 25122->25124 25124->25086 25125->25088 25358 4f0670 12 API calls 25126->25358 25128 4f06e7 25129 40870c 12 API calls 25128->25129 25130 4f0718 25129->25130 25130->25090 25131->25092 25133 4d1831 25132->25133 25134 4d1869 25133->25134 25359 4d179c 119 API calls 25133->25359 25134->25094 25136->25096 25138 58b848 25137->25138 25152 58ae68 25138->25152 25140 58b987 25140->25110 25141 58b86e 25141->25140 25156 45a198 25141->25156 25144 58b949 25144->25110 25146 58b918 25169 40e810 76 API calls 25146->25169 25148 58b935 25170 426618 105 API calls 25148->25170 25150 58b944 25171 407e08 12 API calls 25150->25171 25153 58ae71 25152->25153 25172 4f37fc 25153->25172 25155 58ae87 25155->25141 25157 45a1ae 25156->25157 25158 45a1e3 25157->25158 25221 45a000 105 API calls 25157->25221 25207 45a10c 25158->25207 25161 45a1fe 25164 45a21b 25161->25164 25222 45a064 76 API calls 25161->25222 25163 45a233 25163->25144 25166 4068c8 25163->25166 25164->25163 25223 45a09c 76 API calls 25164->25223 25294 40e7c4 25166->25294 25169->25148 25170->25150 25173 4f3806 25172->25173 25182 4ef0d0 25173->25182 25175 4f381c 25176 46da64 VirtualAlloc 25175->25176 25177 4f3827 25176->25177 25188 4d165c 25177->25188 25179 4f3839 25180 4d1820 119 API calls 25179->25180 25181 4f384b 25180->25181 25181->25155 25183 4ef0da 25182->25183 25192 46b49c 25183->25192 25185 4ef0f0 25196 4d09f4 25185->25196 25187 4ef112 25187->25175 25189 4d1662 25188->25189 25190 4d0124 113 API calls 25189->25190 25191 4d1686 25190->25191 25191->25179 25193 46b4a3 25192->25193 25194 46b4c8 25193->25194 25200 46b7dc 109 API calls 25193->25200 25194->25185 25197 4d09fa 25196->25197 25201 4d0124 25197->25201 25199 4d0a25 25199->25187 25200->25194 25202 4d00b0 25201->25202 25203 4d0140 EnterCriticalSection 25202->25203 25204 46adf8 111 API calls 25203->25204 25206 4d0167 25204->25206 25205 4d01fa LeaveCriticalSection 25205->25199 25206->25205 25208 45a170 25207->25208 25209 45a12d 
25207->25209 25210 40870c 12 API calls 25208->25210 25209->25208 25212 45a10c 114 API calls 25209->25212 25211 45a187 25210->25211 25211->25161 25213 45a145 25212->25213 25214 4068c8 13 API calls 25213->25214 25215 45a152 25214->25215 25224 40bca8 25215->25224 25219 45a162 25232 458904 25219->25232 25221->25158 25222->25164 25223->25163 25240 40bc80 VirtualQuery 25224->25240 25227 40bcf8 25228 40bd25 25227->25228 25229 40bd06 25227->25229 25228->25219 25229->25228 25242 40bcb0 25229->25242 25233 458915 25232->25233 25234 458924 FindResourceW 25233->25234 25235 458934 25234->25235 25236 458960 25234->25236 25237 45f9b4 109 API calls 25235->25237 25236->25208 25238 458945 25237->25238 25256 45efa0 25238->25256 25241 40bc9a 25240->25241 25241->25227 25243 40bcc0 GetModuleFileNameW 25242->25243 25244 40bcdc 25242->25244 25246 40cf3c GetModuleFileNameW 25243->25246 25244->25219 25247 40cf8a 25246->25247 25248 40ce18 72 API calls 25247->25248 25249 40cfb6 25248->25249 25250 40cfd0 25249->25250 25251 40cfc8 LoadLibraryExW 25249->25251 25252 40876c 12 API calls 25250->25252 25251->25250 25253 40cfed 25252->25253 25254 40870c 12 API calls 25253->25254 25255 40cff5 25254->25255 25255->25244 25261 45fb80 25256->25261 25258 45efbc 25265 463bcc 25258->25265 25260 45efd7 25260->25236 25262 45fb8b 25261->25262 25263 40b8d8 59 API calls 25262->25263 25264 45fbc0 25263->25264 25264->25258 25266 463fe0 76 API calls 25265->25266 25267 463c05 25266->25267 25268 463c44 25267->25268 25269 463c79 25267->25269 25271 464004 107 API calls 25268->25271 25270 464004 107 API calls 25269->25270 25272 463c8a 25270->25272 25273 463c4f 25271->25273 25274 463c93 25272->25274 25275 463ca0 25272->25275 25276 455634 105 API calls 25273->25276 25277 464004 107 API calls 25274->25277 25278 464004 107 API calls 25275->25278 25279 463c57 25276->25279 25284 463c6c 25277->25284 25280 463cbb 25278->25280 25282 464004 107 API calls 25279->25282 25281 463b64 105 API calls 25280->25281 25281->25284 25282->25284 
25283 455340 105 API calls 25285 463cf1 25283->25285 25284->25283 25286 40ea80 12 API calls 25285->25286 25287 463d16 25286->25287 25288 470290 12 API calls 25287->25288 25289 463d25 25287->25289 25288->25289 25290 4b6ce4 59 API calls 25289->25290 25292 463d8e 25289->25292 25290->25292 25291 463e0c 25291->25260 25292->25291 25293 4b678c 76 API calls 25292->25293 25293->25292 25297 40e734 25294->25297 25298 40870c 12 API calls 25297->25298 25299 40e755 25298->25299 25300 40e7a0 25299->25300 25301 40993c 12 API calls 25299->25301 25302 40870c 12 API calls 25300->25302 25304 40e767 25301->25304 25303 4068da 25302->25303 25303->25146 25313 40e440 MultiByteToWideChar 25304->25313 25306 40e77b 25307 40e781 25306->25307 25308 40e78e 25306->25308 25309 40993c 12 API calls 25307->25309 25310 40870c 12 API calls 25308->25310 25311 40e78c 25309->25311 25310->25311 25312 408aec 12 API calls 25311->25312 25312->25300 25313->25306 25315 5ac51c 25314->25315 25316 5ac4c6 25314->25316 25354 5a4f74 15 API calls 25315->25354 25317 5a4b48 3 API calls 25316->25317 25319 5ac4cd 25317->25319 25321 5ac4d1 25319->25321 25325 5ac4f1 25319->25325 25320 5ac524 25355 4d0fa8 120 API calls 25320->25355 25348 4d0fa8 120 API calls 25321->25348 25324 5ac52e 25356 5ac480 MulDiv 25324->25356 25325->25315 25328 5a4b48 3 API calls 25325->25328 25326 5ac4da 25349 5ac480 MulDiv 25326->25349 25331 5ac4fc 25328->25331 25330 5ac536 25357 4d0ee8 119 API calls 25330->25357 25331->25315 25332 5ac500 25331->25332 25351 4d0fa8 120 API calls 25332->25351 25333 5ac4e2 25350 4d0ee8 119 API calls 25333->25350 25337 5ac4eb 25338 40870c 12 API calls 25337->25338 25340 5ac554 25338->25340 25339 5ac509 25352 5ac480 MulDiv 25339->25352 25344 5ac56c 20 API calls 25340->25344 25342 5ac511 25353 4d0ee8 119 API calls 25342->25353 25344->25115 25345->25118 25346->25120 25347->25122 25348->25326 25349->25333 25350->25337 25351->25339 25352->25342 25353->25337 25354->25320 25355->25324 25356->25330 25357->25337 25358->25128 
25359->25134 25361 4097c0 25360->25361 25362 4216ee SetCurrentDirectoryW 25361->25362 25362->24575 25363->24575 25365 5ed68a 25364->25365 25366 5ed6a6 25365->25366 25367 5ed6b5 25365->25367 25368 408b34 12 API calls 25366->25368 25369 409a9c 12 API calls 25367->25369 25370 5ed6b0 25368->25370 25371 5ed6cd 25369->25371 25375 5a4018 GetSystemDirectoryW 25370->25375 25377 5ed7d0 25370->25377 25372 5ed6e7 25371->25372 25373 409a9c 12 API calls 25371->25373 25449 5a306c 12 API calls 25372->25449 25373->25372 25375->25377 25376 5ed6f1 25380 5ed70c 25376->25380 25450 5a306c 12 API calls 25376->25450 25433 5ea9b0 25377->25433 25391 5ed75b 25380->25391 25451 5a43a4 48 API calls 25380->25451 25381 5ed722 25383 5ed75d 25381->25383 25384 5ed726 25381->25384 25385 5a3fec GetWindowsDirectoryW 25383->25385 25387 5a4018 GetSystemDirectoryW 25384->25387 25388 5ed76a 25385->25388 25386 5ed803 25389 5ed80d GetLastError 25386->25389 25390 5ed816 CloseHandle 25386->25390 25392 5ed733 25387->25392 25393 5a2b40 12 API calls 25388->25393 25394 5ed82f 25389->25394 25440 5ed5c4 25390->25440 25391->25370 25452 5a3014 12 API calls 25391->25452 25396 5a2b40 12 API calls 25392->25396 25397 5ed775 25393->25397 25399 40876c 12 API calls 25394->25399 25400 5ed73e 25396->25400 25401 409a9c 12 API calls 25397->25401 25402 5ed849 25399->25402 25403 409a9c 12 API calls 25400->25403 25401->25391 25404 40870c 12 API calls 25402->25404 25403->25391 25405 5ed851 25404->25405 25406 40870c 12 API calls 25405->25406 25407 5ed859 25406->25407 25407->24575 25408->24575 25409->24576 25410->24575 25411->24575 25412->24553 25413->24553 25414->24553 25415->24553 25416->24553 25417->24553 25418->24553 25419->24553 25420->24565 25421->24565 25422->24565 25423->24565 25424->24565 25425->24565 25426->24565 25427->24565 25428->24565 25429->24566 25430->24565 25431->24529 25432->24579 25434 5ea8ec 2 API calls 25433->25434 25435 5ea9c9 25434->25435 25436 5ea9cd 25435->25436 25437 5ea9d4 CreateProcessW GetLastError 
25435->25437 25436->25386 25438 5ea928 Wow64RevertWow64FsRedirection 25437->25438 25439 5eaa29 25438->25439 25439->25386 25441 5ed5fc 25440->25441 25442 5ed5e8 WaitForInputIdle 25440->25442 25443 5ed61e GetExitCodeProcess 25441->25443 25447 5ed603 MsgWaitForMultipleObjects 25441->25447 25442->25441 25444 5ed62c 25443->25444 25445 5ed632 CloseHandle 25443->25445 25444->25445 25445->25394 25447->25441 25448 5ed61c 25447->25448 25448->25443 25449->25376 25450->25380 25451->25381 25452->25370 25454 62dc2b 25453->25454 25455 62da00 12 API calls 25454->25455 25456 62dc4e 25455->25456 25457 62dd06 25456->25457 25458 62dc56 25456->25458 25460 62dd13 25457->25460 25471 62cce8 105 API calls 25457->25471 25459 6077d4 12 API calls 25458->25459 25462 62dc61 25459->25462 25460->24612 25462->25460 25463 62cf78 15 API calls 25462->25463 25464 62dcaa 25463->25464 25469 62cd7c 105 API calls 25464->25469 25466 62dcdb 25470 5bc42c 113 API calls 25466->25470 25468 62dcf0 25468->24612 25469->25466 25470->25468 25471->25460 25473 46dcd0 25472->25473 25473->24258 25474 60d2ec 25475 60d313 25474->25475 25476 60d2ff 25474->25476 25482 5a5e84 25475->25482 25476->25475 25499 5eb6a0 12 API calls 25476->25499 25481 60d33d 25483 5a5e90 25482->25483 25484 5a5eb3 GetActiveWindow GetFocus 25483->25484 25501 589dc0 GetCurrentThreadId EnumThreadWindows 25484->25501 25487 5a5ee7 25489 5a5f79 SetFocus 25487->25489 25491 412e9c CreateWindowExW 25487->25491 25488 5a5ed7 RegisterClassW 25488->25487 25490 40870c 12 API calls 25489->25490 25492 5a5f95 25490->25492 25493 5a5f1f 25491->25493 25500 60d01c 179 API calls 25492->25500 25493->25489 25503 59621c 25493->25503 25495 5a5f52 25496 412e9c CreateWindowExW 25495->25496 25497 5a5f68 25496->25497 25497->25489 25498 5a5f71 ShowWindow 25497->25498 25498->25489 25499->25475 25500->25481 25502 589e48 25501->25502 25502->25487 25502->25488 25504 596279 25503->25504 25505 596231 25503->25505 25506 408aec 12 API calls 25504->25506 25505->25504 25507 59623a 
GetWindowTextW 25505->25507 25511 596277 25506->25511 25508 408894 12 API calls 25507->25508 25509 59625b 25508->25509 25510 408aec 12 API calls 25509->25510 25509->25511 25510->25511 25511->25495 25512 5ec210 25513 5ec219 25512->25513 25514 5a2f64 13 API calls 25513->25514 25515 5ec257 25514->25515 25516 408b34 12 API calls 25515->25516 25517 5ec262 25516->25517 25518 5ec27e 25517->25518 25520 5a2f64 13 API calls 25517->25520 25577 5a43a4 48 API calls 25518->25577 25522 5ec273 25520->25522 25521 5ec283 25523 5ec28b 25521->25523 25524 5ec4b7 25521->25524 25525 408b34 12 API calls 25522->25525 25527 5a3fec GetWindowsDirectoryW 25523->25527 25526 5ec4ed 25524->25526 25595 5ebfb0 17 API calls 25524->25595 25525->25518 25597 5eaed0 Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection MoveFileExW GetLastError 25526->25597 25529 5ec293 25527->25529 25532 5a2b40 12 API calls 25529->25532 25531 5ec4c6 25534 408b34 12 API calls 25531->25534 25535 5ec29e 25532->25535 25533 5ec4fc 25536 5ec50a 25533->25536 25598 5eb7f4 14 API calls 25533->25598 25538 5ec4d1 25534->25538 25539 409a14 12 API calls 25535->25539 25537 40876c 12 API calls 25536->25537 25541 5ec524 25537->25541 25538->25526 25596 5ebfb0 17 API calls 25538->25596 25542 5ec2ae 25539->25542 25543 40876c 12 API calls 25541->25543 25545 5ebbfc 17 API calls 25542->25545 25546 5ec531 25543->25546 25548 5ec2c1 25545->25548 25547 5ec4e2 25549 408b34 12 API calls 25547->25549 25550 5ec2ef WritePrivateProfileStringW 25548->25550 25549->25526 25551 5aa11c 107 API calls 25550->25551 25552 5ec310 25551->25552 25553 5aa11c 107 API calls 25552->25553 25567 5ec328 25553->25567 25554 5ec390 25556 5ec3a3 25554->25556 25557 5aa704 107 API calls 25554->25557 25558 5ec3a9 25556->25558 25559 5ec3b6 25556->25559 25557->25556 25593 5a3f94 13 API calls 25558->25593 25562 408b34 12 API calls 25559->25562 25563 5ec3b4 25562->25563 25594 5a3f94 13 API calls 25563->25594 25566 5ec3d6 25568 409a9c 12 API calls 25566->25568 

                                                                                                                                              Executed Functions

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A48DE
                                                                                                                                              • GetVersion.KERNEL32(00000000,005A4A87,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A48FB
                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,005A4A87,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A4915
                                                                                                                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,005A4A87,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A4930
                                                                                                                                              • FreeSid.ADVAPI32(00000000,005A4A8E,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A4A81
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
                                                                                                                                              • String ID: CheckTokenMembership$D1d$advapi32.dll
                                                                                                                                              • API String ID: 2691416632-2458382196
                                                                                                                                              • Opcode ID: 39e696f68cd5026ca06a7068356c6ca05008e58f7453967f00fb3cbcb47e6f34
                                                                                                                                              • Instruction ID: d0ba369c610d7d9976f0c999ed061f442761f972767409ddf9d792ec533d3c58
                                                                                                                                              • Opcode Fuzzy Hash: 39e696f68cd5026ca06a7068356c6ca05008e58f7453967f00fb3cbcb47e6f34
                                                                                                                                              • Instruction Fuzzy Hash: D2517671A44309AFDB50DBE5CC42BBF7BACFB46704F100466FA00E7592D6B8D9508B69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetVersion.KERNEL32(00000000,00602846,?,00000000,00000000,?,0060285C,?,006064AF), ref: 006027CD
                                                                                                                                              • CoCreateInstance.OLE32(00653B28,00000000,00000001,00653B38,00000000,00000000,00602846,?,00000000,00000000,?,0060285C,?,006064AF), ref: 006027F3
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateInstanceVersion
                                                                                                                                              • String ID: (;e$8;e
                                                                                                                                              • API String ID: 1462612201-1511215480
                                                                                                                                              • Opcode ID: 870e8561ac3ee009a2ea952f5a7f3cdf9bc18348f10e9d1f4c81e767c2789d77
                                                                                                                                              • Instruction ID: 19b98ff2caba0516729a68c9a31be911bb1773e05db31374249b7821fa599299
                                                                                                                                              • Opcode Fuzzy Hash: 870e8561ac3ee009a2ea952f5a7f3cdf9bc18348f10e9d1f4c81e767c2789d77
                                                                                                                                              • Instruction Fuzzy Hash: 9811CB34684202AFEB15EBA5CD5AB9EB7EEEB05304F4180A5F500DB6A0DF749D488718
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040CE0C,?,?), ref: 0040CD7E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040CE0C,?,?), ref: 0040CD87
                                                                                                                                                • Part of subcall function 0040CBFC: FindFirstFileW.KERNEL32(00000000,?,00000000,0040CC5A,?,?), ref: 0040CC2F
                                                                                                                                                • Part of subcall function 0040CBFC: FindClose.KERNEL32(00000000,00000000,?,00000000,0040CC5A,?,?), ref: 0040CC3F
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3216391948-0
                                                                                                                                              • Opcode ID: cff3a771b4cd9330fe69c64e8ee45a113bd77ee1a77b8c2479f5eb231e02d6b2
                                                                                                                                              • Instruction ID: 1e6bc69c0a1381f92b9e69733a46d54d0aa19dc84cca161867292b39dd9e4508
                                                                                                                                              • Opcode Fuzzy Hash: cff3a771b4cd9330fe69c64e8ee45a113bd77ee1a77b8c2479f5eb231e02d6b2
                                                                                                                                              • Instruction Fuzzy Hash: 96116670A00209DBDB00EBA6D992AAEB7B8EF48304F50457FB504B73D2DB785E05C669
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,005EAC8B,?,?,?,00000000), ref: 005EAC65
                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000,005EAC8B,?,?,?,00000000), ref: 005EAC6D
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileFindFirstLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 873889042-0
                                                                                                                                              • Opcode ID: 1f23de28fc6b4c3ba19d583adeafa5f20a13bc1b7b1905b234815227928aeffb
                                                                                                                                              • Instruction ID: 3e89aba3af30474c85f560e1df93807b28535af1dbdf8d67cfc94789412ed504
                                                                                                                                              • Opcode Fuzzy Hash: 1f23de28fc6b4c3ba19d583adeafa5f20a13bc1b7b1905b234815227928aeffb
                                                                                                                                              • Instruction Fuzzy Hash: 2CF02831A04204AB8B15DFBBAC0149DFBACFB8672072147BBF958D3282EA756D018199
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0040CC5A,?,?), ref: 0040CC2F
                                                                                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0040CC5A,?,?), ref: 0040CC3F
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: bfe9fc320dad8258fdd0243a276f2572e5741aaab784a45e850e39ab4e0d93b5
                                                                                                                                              • Instruction ID: 3a670b773e27689e6367c7af3837c4a9af7244e7933b1c0da2c77d0df124bc1d
                                                                                                                                              • Opcode Fuzzy Hash: bfe9fc320dad8258fdd0243a276f2572e5741aaab784a45e850e39ab4e0d93b5
                                                                                                                                              • Instruction Fuzzy Hash: 3CF05471514604EED711EBB9CE9395DB7ACEB4471576006B6F404F32D2EA385F00A558
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040CA45,?,?), ref: 0040C859
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040CA45,?,?), ref: 0040C8A2
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040CA45,?,?), ref: 0040C8C4
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040C8E2
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040C900
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040C91E
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040C93C
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040CA28,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040CA45), ref: 0040C97C
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040CA28,?,80000001), ref: 0040C9A7
                                                                                                                                              • RegCloseKey.ADVAPI32(?,0040CA2F,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040CA28,?,80000001,Software\Embarcadero\Locales), ref: 0040CA22
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                              • API String ID: 2701450724-3496071916
                                                                                                                                              • Opcode ID: d26a71a092777d7a7a404293e07efc613cec9f1592485332ec8d766ca02a3516
                                                                                                                                              • Instruction ID: 0710d48149da5ae319f413f3ef24fbf4f5cead902eccefb92f2df938dc6c631d
                                                                                                                                              • Opcode Fuzzy Hash: d26a71a092777d7a7a404293e07efc613cec9f1592485332ec8d766ca02a3516
                                                                                                                                              • Instruction Fuzzy Hash: 0A510276B4024CFEEB10EB95CC82FEE77ACDB08704F50417ABA04F62C1D6789A448A59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CoTaskMemFree.OLE32(?,00636B07,?,00000000,00000000,?,0064208A,00000006,?,00000000,00642640,?,00000000,006426FF), ref: 00636AFA
                                                                                                                                              • CoTaskMemFree.OLE32(?,00636B5A,?,00000000,00000000,?,0064208A,00000006,?,00000000,00642640,?,00000000,006426FF), ref: 00636B4D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeTask
                                                                                                                                              • String ID: @&d$COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                                              • API String ID: 734271698-2239561693
                                                                                                                                              • Opcode ID: 1572ba151e9b692a76701fb9367c4339cc386bbcecbf6f64831e7ee0fa929e81
                                                                                                                                              • Instruction ID: 0a163672446dfaf2e64a88bf991466de3efd40b9aa3b11949e8eecdd8e4d760e
                                                                                                                                              • Opcode Fuzzy Hash: 1572ba151e9b692a76701fb9367c4339cc386bbcecbf6f64831e7ee0fa929e81
                                                                                                                                              • Instruction Fuzzy Hash: B171A334700205ABCB10EF94D943ADEBBB7EB88315F50A426FA40A7391CB74AD05CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040F0F0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                              • Opcode ID: 1cda7eb6ef4096b0fbc0db0d8579ef9b41e6a024936517b4192c62da5781920c
                                                                                                                                              • Instruction ID: feccda6cf3c7acad02ef86d66c2cb92077e77be799be19eff5c8ecfb26a5ad14
                                                                                                                                              • Opcode Fuzzy Hash: 1cda7eb6ef4096b0fbc0db0d8579ef9b41e6a024936517b4192c62da5781920c
                                                                                                                                              • Instruction Fuzzy Hash: DEA17F75A003099FDB24DFA5D881BAEB7B5BB88310F10453EE905BB7C0DB78A949CB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,005ED888,005ED888,?,005ED888,00000000), ref: 005ED80D
                                                                                                                                              • CloseHandle.KERNEL32(00642323,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,005ED888,005ED888,?,005ED888), ref: 005ED81A
                                                                                                                                                • Part of subcall function 005ED5C4: WaitForInputIdle.USER32 ref: 005ED5F0
                                                                                                                                                • Part of subcall function 005ED5C4: MsgWaitForMultipleObjects.USER32 ref: 005ED612
                                                                                                                                                • Part of subcall function 005ED5C4: GetExitCodeProcess.KERNEL32 ref: 005ED623
                                                                                                                                                • Part of subcall function 005ED5C4: CloseHandle.KERNEL32(00000001,005ED650,005ED649,?,?,?,00000001,?,?,005ED9F2,?,00000000,005EDA08,?,?,?), ref: 005ED643
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                                                                                              • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                                                                                              • API String ID: 854858120-615399546
                                                                                                                                              • Opcode ID: cddef7386685175d22e721624df1793368a268c901056a33dfa2bd54596a7226
                                                                                                                                              • Instruction ID: cf8cff18646340f51478fd82ec7785caee8c1fc40c648b8e5a59f67db6d80d6f
                                                                                                                                              • Opcode Fuzzy Hash: cddef7386685175d22e721624df1793368a268c901056a33dfa2bd54596a7226
                                                                                                                                              • Instruction Fuzzy Hash: 24514034A042499BDF14EFE6C982BDEBBB5FF45304F60403AB584A7282D7749E05DB64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2190272339-0
                                                                                                                                              • Opcode ID: 4472aa6e513a5574d8785d02682aab41d060d065da8711b643bb2aa4e8fec0a8
                                                                                                                                              • Instruction ID: 7fde5241b0eb32650a4f148c00a4375d94ee377ee13946f56739d5ce7654fa3a
                                                                                                                                              • Opcode Fuzzy Hash: 4472aa6e513a5574d8785d02682aab41d060d065da8711b643bb2aa4e8fec0a8
                                                                                                                                              • Instruction Fuzzy Hash: A521053070435036EE313A290D42BBE9EC9BF92B48F24442EF9C4D7182DE99984E8336
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetActiveWindow.USER32 ref: 005A5EB3
                                                                                                                                              • GetFocus.USER32(00000000,005A5F96,?,?,00000000,00000001,00000000,?,0060D31F,0065B16C,?,00000000,00643946,?,00000001,00000000), ref: 005A5EBB
                                                                                                                                              • RegisterClassW.USER32 ref: 005A5EDC
                                                                                                                                              • ShowWindow.USER32(00000000,00000008,00000000,?,00000000,41178000,00000000,00000000,00000000,00000000,80000000,00000000,?,00000000,00000000,00000000), ref: 005A5F74
                                                                                                                                              • SetFocus.USER32(00000000,00000000,005A5F96,?,?,00000000,00000001,00000000,?,0060D31F,0065B16C,?,00000000,00643946,?,00000001), ref: 005A5F7B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FocusWindow$ActiveClassRegisterShow
                                                                                                                                              • String ID: TWindowDisabler-Window
                                                                                                                                              • API String ID: 495420250-1824977358
                                                                                                                                              • Opcode ID: e7d9be63efcdb89af98c647ac90367f16703b1cd1dce49ab08c1c73dd9e54fc8
                                                                                                                                              • Instruction ID: 968a9bb20246be1b3313d03204b3345bab2930c4af1eadb8c7873cad5d3a2d0e
                                                                                                                                              • Opcode Fuzzy Hash: e7d9be63efcdb89af98c647ac90367f16703b1cd1dce49ab08c1c73dd9e54fc8
                                                                                                                                              • Instruction Fuzzy Hash: A6219FB1700B00AFE720EB75DD02F6EBAA5EB45B04F114529B900EB6D1EBB4AD5087D8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0063705A,?,?,00000005,00000000,00000000,?,006437AD,00000000,00643960,?,00000000,006439C4), ref: 00636F93
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,0063705A,?,?,00000005,00000000,00000000,?,006437AD,00000000,00643960,?,00000000,006439C4), ref: 00636F9C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                              • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                                                                                                              • API String ID: 1375471231-2952887711
                                                                                                                                              • Opcode ID: 03a6c423bd23fc3a448d4d28dedc1ab0c16beb695e83f3f905b9fdd1da5aaf5d
                                                                                                                                              • Instruction ID: f7bc0129703bc293d7b6bdde5ef303e95730e5205113c469d35c3380222b8bba
                                                                                                                                              • Opcode Fuzzy Hash: 03a6c423bd23fc3a448d4d28dedc1ab0c16beb695e83f3f905b9fdd1da5aaf5d
                                                                                                                                              • Instruction Fuzzy Hash: 96414674A041099FDB15EFA4D892AEEB7B6FF84300F50406AF501B7392DB34AE05CBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040EFEC: GetModuleHandleW.KERNEL32(00000000,?,0064E4B3), ref: 0040EFF8
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0064E4C3
                                                                                                                                              • SetWindowLongW.USER32 ref: 0064E4DF
                                                                                                                                              • SetErrorMode.KERNEL32(00000001,00000000,0064E524,?,?,000000EC,00000000), ref: 0064E4F4
                                                                                                                                                • Part of subcall function 00643CF8: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0064E4FE,00000001,00000000,0064E524,?,?,000000EC,00000000), ref: 00643D02
                                                                                                                                                • Part of subcall function 00596918: SendMessageW.USER32(?,0000B020,00000000,?), ref: 0059693D
                                                                                                                                                • Part of subcall function 00596428: SetWindowTextW.USER32(?,00000000), ref: 00596459
                                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,0064E524,?,?,000000EC,00000000), ref: 0064E55E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$HandleLongModule$ErrorMessageModeSendShowText
                                                                                                                                              • String ID: Setup
                                                                                                                                              • API String ID: 1533765661-3839654196
                                                                                                                                              • Opcode ID: de8eae240fffc11e5891fb197b46b02600172a125dadf514773e36cbc875aff6
                                                                                                                                              • Instruction ID: 6a50ebe2baf01f01f32c87922564657e870154096d5d6381a5669e7090f09ffa
                                                                                                                                              • Opcode Fuzzy Hash: de8eae240fffc11e5891fb197b46b02600172a125dadf514773e36cbc875aff6
                                                                                                                                              • Instruction Fuzzy Hash: E0215B34204700EFD700EF69DC82D967BEAEB4E714B5252A4F914CB3A1CB35A980CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 507 4210e4-421101 call 4097c0 DeleteFileW 510 421103-421113 GetLastError GetFileAttributesW 507->510 511 421139-42113f 507->511 512 421133-421134 SetLastError 510->512 513 421115-421118 510->513 512->511 513->512 514 42111a-42111c 513->514 514->512 515 42111e-421131 call 4097c0 RemoveDirectoryW 514->515 515->511
                                                                                                                                              APIs
                                                                                                                                              • DeleteFileW.KERNEL32(00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 004210F4
                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00421103
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000), ref: 0042110B
                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000), ref: 00421126
                                                                                                                                              • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000), ref: 00421134
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2814369299-0
                                                                                                                                              • Opcode ID: d2c0dd33d7c18eed22adcf814cdc53b7dc46d9a0f2dfd44c826b3f52e1cb17a1
                                                                                                                                              • Instruction ID: 33908bd15dec3b7179841ebfa4c9c74ba473a92bca8e8e457bbb177678e8ffb0
                                                                                                                                              • Opcode Fuzzy Hash: d2c0dd33d7c18eed22adcf814cdc53b7dc46d9a0f2dfd44c826b3f52e1cb17a1
                                                                                                                                              • Instruction Fuzzy Hash: CAF027613102181999103D7E2C81ABF514CC98276DF540B3FFF90D31A2C57D4C6641AD
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005AC56C: GetDC.USER32(00000000), ref: 005AC57D
                                                                                                                                                • Part of subcall function 005AC56C: SelectObject.GDI32(hZ`,00000000), ref: 005AC59F
                                                                                                                                                • Part of subcall function 005AC56C: GetTextExtentPointW.GDI32(hZ`,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005AC5B3
                                                                                                                                                • Part of subcall function 005AC56C: GetTextMetricsW.GDI32(hZ`,?,00000000,005AC5F8,?,00000000,?,?,00605A68), ref: 005AC5D5
                                                                                                                                                • Part of subcall function 005AC56C: ReleaseDC.USER32 ref: 005AC5F2
                                                                                                                                              • MulDiv.KERNEL32(Wd`,00000006,00000006), ref: 005AEE49
                                                                                                                                              • MulDiv.KERNEL32(?,?,0000000D), ref: 005AEE60
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Text$ExtentMetricsObjectPointReleaseSelect
                                                                                                                                              • String ID: c`$Wd`
                                                                                                                                              • API String ID: 844173074-1325605884
                                                                                                                                              • Opcode ID: b685ac98f4c28091e779b180296c8c4a52dd16ebf372e82418af6bed2d9b8263
                                                                                                                                              • Instruction ID: 35fca830049c4535ebc9280e25c70911453fb92b03361f3599db3c041714bf6c
                                                                                                                                              • Opcode Fuzzy Hash: b685ac98f4c28091e779b180296c8c4a52dd16ebf372e82418af6bed2d9b8263
                                                                                                                                              • Instruction Fuzzy Hash: 4441E734A00109EFDB04DBA8D986EADB7F9FB49700F2541A5F908EB361D770AE05DB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0040846C
                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,00408576,0040559F,004055E6,?,?,004055FF,?,?,?,?,004A11AA,00000000), ref: 00408514
                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,00408576,0040559F,004055E6,?,?,004055FF,?,?,?,?,004A11AA,00000000), ref: 0040854D
                                                                                                                                                • Part of subcall function 004083A4: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?,004055FF), ref: 004083DD
                                                                                                                                                • Part of subcall function 004083A4: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?), ref: 004083E3
                                                                                                                                                • Part of subcall function 004083A4: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?), ref: 004083FE
                                                                                                                                                • Part of subcall function 004083A4: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?), ref: 00408404
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                                              • String ID: MZP
                                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                                              • Opcode ID: 823e50cc4a22acca23d7278d26c7b304afc1e7bac03ca18441e15878ea125db2
                                                                                                                                              • Instruction ID: 5b76d8d968706fbbf4964f61baaaa707930081d864b01115aa6b3d2e9f9cd81a
                                                                                                                                              • Opcode Fuzzy Hash: 823e50cc4a22acca23d7278d26c7b304afc1e7bac03ca18441e15878ea125db2
                                                                                                                                              • Instruction Fuzzy Hash: 7B31AD60A007429BDB30EF7A9A9871B7AE56B54319F14053FE485A32D2DE7CD888CB1D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0040846C
                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,00408576,0040559F,004055E6,?,?,004055FF,?,?,?,?,004A11AA,00000000), ref: 00408514
                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,00408576,0040559F,004055E6,?,?,004055FF,?,?,?,?,004A11AA,00000000), ref: 0040854D
                                                                                                                                                • Part of subcall function 004083A4: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?,004055FF), ref: 004083DD
                                                                                                                                                • Part of subcall function 004083A4: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?), ref: 004083E3
                                                                                                                                                • Part of subcall function 004083A4: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?), ref: 004083FE
                                                                                                                                                • Part of subcall function 004083A4: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?), ref: 00408404
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                                              • String ID: MZP
                                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                                              • Opcode ID: b90dee6dea632e89a70614c4da1824bfde99783d1505cf4ce789d4dcae1d4ab6
                                                                                                                                              • Instruction ID: d9973903a459195fd0393e29f567787384c4c27e1d63a0512fc27f5b04fdd805
                                                                                                                                              • Opcode Fuzzy Hash: b90dee6dea632e89a70614c4da1824bfde99783d1505cf4ce789d4dcae1d4ab6
                                                                                                                                              • Instruction Fuzzy Hash: 7831AB60A007829ADB31AF759A9871A3BE15F55319F14043FA4C5A22D2DE7CD888CB1D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,005EBF89,?,0065B16C,?,00000003,00000000,00000000,?,00636F2F,00000000,0063705A), ref: 005EBEDC
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,00000000,005EBF89,?,0065B16C,?,00000003,00000000,00000000,?,00636F2F,00000000,0063705A), ref: 005EBEE5
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                              • String ID: $d$.tmp
                                                                                                                                              • API String ID: 1375471231-983619410
                                                                                                                                              • Opcode ID: cdab6ff00da8ce607eb810b3eb7e54ca140ff267d130d2c37cd1289dae885ebd
                                                                                                                                              • Instruction ID: aeb5f0c272d6a9c201c8e5309a7996fcdab19ccc48c83a4190106961b9fc619b
                                                                                                                                              • Opcode Fuzzy Hash: cdab6ff00da8ce607eb810b3eb7e54ca140ff267d130d2c37cd1289dae885ebd
                                                                                                                                              • Instruction Fuzzy Hash: 78217675A002099FEB05EBA1CD92ADFB7F9FB88300F50417AF540A3341DB746E018BA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4025006896-0
                                                                                                                                              • Opcode ID: faf9abdf83bdc3e3505faceefb293c3ef03bd65f92d908ad1a1541aaef1fcbaa
                                                                                                                                              • Instruction ID: 4ee0ac4904b471166c115f7fd8161f58ea7d04121eaa5f920348a45fd023421a
                                                                                                                                              • Opcode Fuzzy Hash: faf9abdf83bdc3e3505faceefb293c3ef03bd65f92d908ad1a1541aaef1fcbaa
                                                                                                                                              • Instruction Fuzzy Hash: 8E01A171B00304AFCB00EB99DD81F9A73AAE719305F049216B904EB291DAB9DD50C759
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WaitForInputIdle.USER32 ref: 005ED5F0
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 005ED612
                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 005ED623
                                                                                                                                              • CloseHandle.KERNEL32(00000001,005ED650,005ED649,?,?,?,00000001,?,?,005ED9F2,?,00000000,005EDA08,?,?,?), ref: 005ED643
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4071923889-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CountSleepTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2227064392-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A45D0: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005A4CAA,?,00000000,?,005A4C4A,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA), ref: 005A45EC
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,@&d,?,006369BE,00000000,00636BC3,?,00000000,00000000), ref: 006367A5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseOpen
                                                                                                                                              • String ID: @&d$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                              • API String ID: 47109696-2294625965
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,00636BA8,00000000,00636BC3,?,00000000,00000000,?,0064208A,00000006), ref: 00636872
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close
                                                                                                                                              • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                                              • API String ID: 3535843008-1113070880
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileVersionInfoSizeW.VERSION(00000000,?,?,?,?), ref: 005EA3B4
                                                                                                                                              • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,005EA42B,?,00000000,?,?,?,?), ref: 005EA3E1
                                                                                                                                              • VerQueryValueW.VERSION(?,005EA454,?,?,00000000,?,00000000,?,00000000,005EA42B,?,00000000,?,?,?,?), ref: 005EA3FB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2179348866-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualFree.KERNEL32(00655ADC,00000000,00008000), ref: 00405392
                                                                                                                                              • VirtualFree.KERNEL32(00657B80,00000000,00008000), ref: 0040540E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                              • String ID: |[e
                                                                                                                                              • API String ID: 1263568516-3325909358
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendNotifyMessageW.USER32(00050230,00000496,00002711,-00000001), ref: 00638C2C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageNotifySend
                                                                                                                                              • String ID: MS PGothic
                                                                                                                                              • API String ID: 3556456075-3532686627
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • Failed to remove temporary directory: , xrefs: 006371B2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountTick
                                                                                                                                              • String ID: Failed to remove temporary directory:
                                                                                                                                              • API String ID: 536389180-3544197614
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateWindow
                                                                                                                                              • String ID: TWindowDisabler-Window
                                                                                                                                              • API String ID: 716092398-1824977358
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005A4CAA,?,00000000,?,005A4C4A,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA), ref: 005A45EC
                                                                                                                                              Strings
                                                                                                                                              • Control Panel\Desktop\ResourceLocale, xrefs: 005A45EA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Open
                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                              • API String ID: 71445658-1109908249
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindNextFileW.KERNEL32(000000FF,?,00000000,005EC852,?,00000000,005EC8C6,?,?,?,006371A5,00000000,006370F4,00000000,00000000,00000001), ref: 005EC82E
                                                                                                                                              • FindClose.KERNEL32(000000FF,005EC859,005EC852,?,00000000,005EC8C6,?,?,?,006371A5,00000000,006370F4,00000000,00000000,00000001,00000001), ref: 005EC84C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileNext
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2066263336-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,005A44E6,?,00638C5C,00000000,00000000), ref: 005A43EC
                                                                                                                                              • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,005A44E6,?,00638C5C), ref: 005A445A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: QueryValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3660427363-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0040F3E7
                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000), ref: 0040F401
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$LibraryLocal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3007483513-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0040CF2F,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040CFB6,00000000,?,00000105), ref: 0040CEC3
                                                                                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0040CF2F,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040CFB6,00000000,?,00000105), ref: 0040CEEB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DefaultLanguage$SystemUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 384301227-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessW.KERNEL32 ref: 005EAA04
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0065B16C,?,?,0060D1CC,00000000,0060D1B0,?,00000000,00000000,005EAA2A,?,?,00000000,00000001), ref: 005EAA0C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateErrorLastProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2919029540-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 004121D7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 190572456-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040CFF6,?,?,00000000), ref: 0040CF78
                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040CFF6,?,?,00000000), ref: 0040CFC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileLibraryLoadModuleName
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1159719554-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00589E12
                                                                                                                                              • EnumThreadWindows.USER32(00000000,00589D70,00000000), ref: 00589E18
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$CurrentEnumWindows
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2396873506-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,005EAB2D,?,?,?), ref: 005EAB07
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,005EAB2D,?,?,?), ref: 005EAB0F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2018770650-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,00000000,005EB039,?,?,00000000), ref: 005EB013
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,005EB039,?,?,00000000), ref: 005EB01B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 377330604-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,005EAD07,?,?), ref: 005EACE1
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,005EAD07,?,?), ref: 005EACE9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1799206407-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32(00008000,00000000), ref: 00428596
                                                                                                                                              • LoadLibraryW.KERNEL32(00000000,00000000,004285E0,?,00000000,004285FE,?,00008000,00000000), ref: 004285C5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLibraryLoadMode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2987862817-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00596459
                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 0059646F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: TextWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 530164218-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongW.USER32(00000000,000000FC), ref: 0046DCBB
                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,000000FC,?,?,005F3B72,006431F3,?,?,?,?,00643CC3), ref: 0046DCC3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$DestroyLong
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2871862000-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceW.KERNEL32(00000000,00000000,0000000A,?,108B0065,00000000,0045A24F,?,0045A170,00000000,0045A188,?,0000FFA2,00000000,00000000), ref: 00458926
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FindResource
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1635176832-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,004080EA,?,0064F000,00657B9C,?,?,004084ED,?,?,?,00408576,0040559F,004055E6,?,?), ref: 004080DA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,0043ED1C,0045F1F5,00000000,0045F2E0,?,?,0043ED1C), ref: 00420EE1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005AA012,00000000,005AA063,?,005AA244), ref: 005A5157
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FormatMessage
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1306739567-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,005A340A,?,00000000,00000000,?,005A345A,00000000,005EABED,00000000,005EAC0E,?,00000000,00000000,00000000), ref: 005A33ED
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CoTaskMemFree.OLE32(?,00636B5A,?,00000000,00000000,?,0064208A,00000006,?,00000000,00642640,?,00000000,006426FF), ref: 00636B4D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeTask
                                                                                                                                              • String ID: @&d$COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                                              • API String ID: 734271698-2239561693
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040BCCE
                                                                                                                                                • Part of subcall function 0040CF3C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040CFF6,?,?,00000000), ref: 0040CF78
                                                                                                                                                • Part of subcall function 0040CF3C: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040CFF6,?,?,00000000), ref: 0040CFC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName$LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4113206344-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,?,005EAE21,00000000,005EAE3A,?,?,00000000), ref: 005A346B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,?,005AB833,00000000), ref: 005A3423
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateMutexW.KERNEL32(?,00000001,00000000,?,006436CF,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006439F3,?,?,00000000), ref: 00411FFA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutex
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1964310414-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00000000,?,00642EFE,00000000,0064310B,?,?,00000005,00000000,00643144,?,?,00000000), ref: 004216EF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1611563598-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(?,006431D0,00000000,006431DF,?,?,?,?,?,00643CC3), ref: 00637542
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32(?,00428605), ref: 004285F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorMode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,?,?,004F3827,004F5DA8,?,?,?,00000000,?,0058AE87), ref: 0046DA82
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,00404283,000000FF,00404828,00000000,0040D8EF,00000000,0040DDFD,00000000,0040E0BF,00000000), ref: 00403C83
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0060DC30
                                                                                                                                              • QueryPerformanceCounter.KERNEL32(00000000,00000000,0060DEC3,?,?,00000000,00000000,?,0060E8C2,?,00000000,00000000), ref: 0060DC39
                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0060DC43
                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,0060DEC3,?,?,00000000,00000000,?,0060E8C2,?,00000000,00000000), ref: 0060DC4C
                                                                                                                                              • CreateNamedPipeW.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0060DCC2
                                                                                                                                              • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0060DCD0
                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,00653F74,00000003,00000000,00000000,00000000,0060DE7F,?,00000000,40080003,00000006,00000001,00002000,00002000), ref: 0060DD18
                                                                                                                                              • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0060DE6E,?,00000000,C0000000,00000000,00653F74,00000003,00000000,00000000,00000000,0060DE7F), ref: 0060DD51
                                                                                                                                                • Part of subcall function 005A4018: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005A402B
                                                                                                                                              • CreateProcessW.KERNEL32 ref: 0060DDFA
                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0060DE30
                                                                                                                                              • CloseHandle.KERNEL32(000000FF,0060DE75,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 0060DE68
                                                                                                                                                • Part of subcall function 005EB7F4: GetLastError.KERNEL32(00000000,005EC50A,00000005,00000000,005EC532,?,?,0065B16C,?,00000000,00000000,00000000,?,00643607,00000000,00643622), ref: 005EB7F7
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                                                              • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                                                              • API String ID: 770386003-3271284199
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00630720: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 0063074C
                                                                                                                                                • Part of subcall function 00630720: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 00630765
                                                                                                                                                • Part of subcall function 00630720: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063078F
                                                                                                                                                • Part of subcall function 00630720: CloseHandle.KERNEL32(00000000), ref: 006307AD
                                                                                                                                                • Part of subcall function 00630830: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,006308C1,?,00000097,?,?,0063093B,00000000,00630A53,?,?,00000001), ref: 0063085F
                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0063098B
                                                                                                                                              • GetLastError.KERNEL32(0000003C,00000000,00630A53,?,?,00000001), ref: 00630994
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006309E1
                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00630A07
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00630A38,00000000,00000000,000000FF,000004FF,00000000,00630A31,?,0000003C,00000000,00630A53,?,?,00000001), ref: 00630A2B
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
                                                                                                                                              • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                                                              • API String ID: 254331816-221126205
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,0041AE38,?,?), ref: 0040C64D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040C65E
                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,0041AE38,?,?), ref: 0040C75E
                                                                                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,0041AE38,?,?), ref: 0040C770
                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,0041AE38,?,?), ref: 0040C77C
                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,0041AE38,?,?), ref: 0040C7C1
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                              • API String ID: 1930782624-3908791685
                                                                                                                                              • Opcode ID: 4773db546d1690116369375d742ab2497b584d83e0c4ddfbfa3afb5929d1cbd5
                                                                                                                                              • Instruction ID: 39d58d8c64e7cc71e6dd469938ce122afd0884a6e0bc7c1439aad5226bf35ab4
                                                                                                                                              • Opcode Fuzzy Hash: 4773db546d1690116369375d742ab2497b584d83e0c4ddfbfa3afb5929d1cbd5
                                                                                                                                              • Instruction Fuzzy Hash: 98418172A00619DBCB10EBA4C8C5ADEB3B9AB44314F1486BAE505F72C1E7789E45CE49
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsIconic.USER32 ref: 00631121
                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0063113E
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00631163
                                                                                                                                                • Part of subcall function 00589E80: IsWindow.USER32(?), ref: 00589E8E
                                                                                                                                                • Part of subcall function 00589E80: EnableWindow.USER32(?,000000FF), ref: 00589E9D
                                                                                                                                              • GetActiveWindow.USER32 ref: 0063122F
                                                                                                                                              • SetActiveWindow.USER32(00000005,00631297,006312AD,?,?,000000EC,?,000000F0,?,00000000,?,00000000), ref: 00631280
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$ActiveLong$EnableIconic
                                                                                                                                              • String ID: `$hhR
                                                                                                                                              • API String ID: 4222481217-516289494
                                                                                                                                              • Opcode ID: 8772461b16c12eb22764d9a3ed67b61a9672de2721ff07c8fe5045664fd62126
                                                                                                                                              • Instruction ID: 022266b6d9a05591d458c6aeb7dd7be0aad5a18db784bb486b81531c830e1fa3
                                                                                                                                              • Opcode Fuzzy Hash: 8772461b16c12eb22764d9a3ed67b61a9672de2721ff07c8fe5045664fd62126
                                                                                                                                              • Instruction Fuzzy Hash: 17514774A043489FDB00DFA9D884ADEBBF6FB4A314F154169F914EB361DB34A981CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028), ref: 005EDCD4
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 005EDCDA
                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 005EDCF3
                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 005EDD1A
                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 005EDD1F
                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 005EDD30
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                              • API String ID: 107509674-3733053543
                                                                                                                                              • Opcode ID: f7016a65b10f6e8908a94aeecc6df9d3bbb80576d95540169103823156bbe953
                                                                                                                                              • Instruction ID: f74baa1d674e0612d61dce8a45388a7a6b1513911d55653863c07ea95806a116
                                                                                                                                              • Opcode Fuzzy Hash: f7016a65b10f6e8908a94aeecc6df9d3bbb80576d95540169103823156bbe953
                                                                                                                                              • Instruction Fuzzy Hash: DDF0967034438175E614A7B78E07FAB29ACBB45B48F500C19FA85DA0D2D7E9D8448236
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00643419,?,0065B16C,?,?,006435CE,00000000,00643622,?,00000000,00000000,00000000), ref: 0064332D
                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000010), ref: 006433B0
                                                                                                                                              • FindNextFileW.KERNEL32(000000FF,?,00000000,006433EC,?,00000000,?,00000000,00643419,?,0065B16C,?,?,006435CE,00000000,00643622), ref: 006433C8
                                                                                                                                              • FindClose.KERNEL32(000000FF,006433F3,006433EC,?,00000000,?,00000000,00643419,?,0065B16C,?,?,006435CE,00000000,00643622), ref: 006433E6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                              • String ID: isRS-$isRS-???.tmp
                                                                                                                                              • API String ID: 134685335-3422211394
                                                                                                                                              • Opcode ID: 7a7b796717df1a52059b7ad62de252e99c23a277e8418aea9fdcd84b84ec265b
                                                                                                                                              • Instruction ID: 6fc0356962574d8b8d88b2f0cca2d81031866045f2f08b922cccc5d61f7c013c
                                                                                                                                              • Opcode Fuzzy Hash: 7a7b796717df1a52059b7ad62de252e99c23a277e8418aea9fdcd84b84ec265b
                                                                                                                                              • Instruction Fuzzy Hash: C431B430A006689FDB11EF65CC85ADEB7F9EB88304F5145BAE904E3392DA789F40CE54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsIconic.USER32 ref: 005A5CB5
                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 005A5CD2
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 005A5CF7
                                                                                                                                              • GetActiveWindow.USER32 ref: 005A5D05
                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,?,-0000002D), ref: 005A5D32
                                                                                                                                              • SetActiveWindow.USER32(?,005A5D60,-0000002D,00000000,005A5D59,?,?,000000EC,?,000000F0,?,00000000,005A5D96,?,?,00000000), ref: 005A5D53
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$ActiveLong$IconicMessage
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1633107849-0
                                                                                                                                              • Opcode ID: 8d660194da5c4d9076ea257e4421d7419cc145321d54d97418ccddce74176f11
                                                                                                                                              • Instruction ID: 0542b22c6adf4e2176714885d7e7c8910606464b04ea2131dce4164a82c4f16f
                                                                                                                                              • Opcode Fuzzy Hash: 8d660194da5c4d9076ea257e4421d7419cc145321d54d97418ccddce74176f11
                                                                                                                                              • Instruction Fuzzy Hash: 14319E34A04704AFEB10EFA9D956EAD7BE9FB4A314F5544A5F400D7361EB34AE40DB10
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 005A5705
                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,000000FF,00000000,00000000,00000001,00000001), ref: 005A5715
                                                                                                                                                • Part of subcall function 00411FE4: CreateMutexW.KERNEL32(?,00000001,00000000,?,006436CF,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006439F3,?,?,00000000), ref: 00411FFA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DescriptorSecurity$CreateDaclInitializeMutex
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3525989157-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,006439F3,?,?,00000000,?,00000000,00000000,?,00643ED6,00000000,00643EE0,?,00000000), ref: 006436B7
                                                                                                                                              • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006439F3,?,?,00000000,?,00000000,00000000), ref: 006436DD
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006436FE
                                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006439F3,?,?,00000000,?,00000000), ref: 00643713
                                                                                                                                                • Part of subcall function 005A3B6C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005A3C01,?,?,?,00000001,?,005EE95A,00000000,005EE9C5), ref: 005A3BA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ShowWindow$FileModuleMultipleNameObjectsWait
                                                                                                                                              • String ID: $d$.lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                                                                                              • API String ID: 66301061-1783793058
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000000,006115D2,?,?,?,?,00000005,00000000,00000000,?,?,006129AD,00000000,00000000,?,00000000), ref: 00611486
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                                                                              • API String ID: 1452528299-3112430753
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A45D0: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005A4CAA,?,00000000,?,005A4C4A,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA), ref: 005A45EC
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,005ED0D2,?,?,00000003,00000000,00000000,005ED116), ref: 005ECF51
                                                                                                                                                • Part of subcall function 005A5138: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005AA012,00000000,005AA063,?,005AA244), ref: 005A5157
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,005ED010,?,?,00000000,00000000,?,00000000,?,00000000), ref: 005ECFD2
                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,005ED010,?,?,00000000,00000000,?,00000000,?,00000000), ref: 005ECFF9
                                                                                                                                              Strings
                                                                                                                                              • RegOpenKeyEx, xrefs: 005ECECD
                                                                                                                                              • , xrefs: 005ECEC4
                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 005ECE71
                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 005ECEAA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: QueryValue$FormatMessageOpen
                                                                                                                                              • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                              • API String ID: 2812809588-1577016196
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0060F719,?,0060F210,?,00000000,00000000,00000000,?,?,0060F984,00000000), ref: 0060F5BD
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0060F719,?,0060F210,?,00000000,00000000,00000000,?,?,0060F984,00000000), ref: 0060F627
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,00000001,00000000,00000000,0060F719,?,0060F210,?,00000000,00000000,00000000,?), ref: 0060F68E
                                                                                                                                              Strings
                                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0060F5DD
                                                                                                                                              • v4.0.30319, xrefs: 0060F5AF
                                                                                                                                              • .NET Framework not found, xrefs: 0060F6DA
                                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 0060F573
                                                                                                                                              • v2.0.50727, xrefs: 0060F619
                                                                                                                                              • v1.1.4322, xrefs: 0060F680
                                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 0060F644
                                                                                                                                              • .NET Framework version %s not found, xrefs: 0060F6C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close
                                                                                                                                              • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                                                              • API String ID: 3535843008-446240816
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0060E1BF
                                                                                                                                              • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 0060E1DB
                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 0060E1E9
                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 0060E1FA
                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0060E241
                                                                                                                                              • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0060E25D
                                                                                                                                              Strings
                                                                                                                                              • Helper process exited with failure code: 0x%x, xrefs: 0060E227
                                                                                                                                              • Helper process exited, but failed to get exit code., xrefs: 0060E233
                                                                                                                                              • Helper process exited., xrefs: 0060E209
                                                                                                                                              • Helper isn't responding; killing it., xrefs: 0060E1CB
                                                                                                                                              • Stopping 64-bit helper process. (PID: %u), xrefs: 0060E1B1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                                                              • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                                                              • API String ID: 3355656108-1243109208
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005EBD18: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,$d,?,00000000,005EBE53), ref: 005EBE03
                                                                                                                                                • Part of subcall function 005EBD18: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,$d,?,00000000,005EBE53), ref: 005EBE13
                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,00641B1E), ref: 006419B3
                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,00641B1E), ref: 006419DA
                                                                                                                                              • SetWindowLongW.USER32 ref: 00641A14
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00641AE7,?,?,000000FC,0064102C,00000000,?,00000000), ref: 00641A49
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 00641ABD
                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00641AE7,?,?,000000FC,0064102C,00000000), ref: 00641ACB
                                                                                                                                                • Part of subcall function 005EC210: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005EC2F6
                                                                                                                                              • DestroyWindow.USER32(?,00641AEE,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00641AE7,?,?,000000FC,0064102C,00000000,?), ref: 00641AE1
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                                              • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                                              • API String ID: 1779715363-2312673372
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00598324: GetActiveWindow.USER32 ref: 0059834B
                                                                                                                                                • Part of subcall function 00598324: GetLastActivePopup.USER32(?), ref: 00598360
                                                                                                                                              • MonitorFromWindow.USER32(00000000,00000002), ref: 00596DDD
                                                                                                                                              • MonitorFromWindow.USER32(?,00000002), ref: 00596DF1
                                                                                                                                              • GetMonitorInfoW.USER32 ref: 00596E10
                                                                                                                                              • GetWindowRect.USER32 ref: 00596E23
                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,?,00000000,00000028,?,00000002,?,?,00000000), ref: 00596E5E
                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,?,?), ref: 00596E9D
                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,00596F16,?,00000002,?,?,00000000), ref: 00596EF0
                                                                                                                                                • Part of subcall function 00589E80: IsWindow.USER32(?), ref: 00589E8E
                                                                                                                                                • Part of subcall function 00589E80: EnableWindow.USER32(?,000000FF), ref: 00589E9D
                                                                                                                                              • SetActiveWindow.USER32(00000000,00596F16,?,00000002,?,?,00000000), ref: 00596F01
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$ActiveMonitor$From$EnableInfoLastMessagePopupRect
                                                                                                                                              • String ID: (
                                                                                                                                              • API String ID: 2800294577-3887548279
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,0060E61B,?,00000000,0060E676,?,?,00000000,00000000), ref: 0060E495
                                                                                                                                              • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0060E5B0,?,00000000,000000FF,00000000,00000000,00000000,0060E61B), ref: 0060E4F2
                                                                                                                                              • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0060E5B0,?,00000000,000000FF,00000000,00000000,00000000,0060E61B), ref: 0060E4FF
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 0060E54B
                                                                                                                                              • GetOverlappedResult.KERNEL32(?,?,00000000,000000FF,0060E589,00000000,00000000), ref: 0060E575
                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,000000FF,0060E589,00000000,00000000), ref: 0060E57C
                                                                                                                                                • Part of subcall function 005EB7F4: GetLastError.KERNEL32(00000000,005EC50A,00000005,00000000,005EC532,?,?,0065B16C,?,00000000,00000000,00000000,?,00643607,00000000,00643622), ref: 005EB7F7
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                                                              • String ID: CreateEvent$TransactNamedPipe
                                                                                                                                              • API String ID: 2182916169-3012584893
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA,?,00000000), ref: 005A4BD7
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              • RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA,?,00000000), ref: 005A4C2A
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                              • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$^^$kernel32.dll
                                                                                                                                              • API String ID: 4190037839-1194474373
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F,?,?,00000000,00000000,00000000), ref: 0040C50A
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00657C14,00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F,?,?,00000000,00000000), ref: 0040C52E
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00657C14,00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F,?,?,00000000,00000000), ref: 0040C53D
                                                                                                                                              • IsValidLocale.KERNEL32(00000000,00000002,00657C14,00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F), ref: 0040C54F
                                                                                                                                              • EnterCriticalSection.KERNEL32(00657C14,00000000,00000002,00657C14,00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F), ref: 0040C5AC
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00657C14,00657C14,00000000,00000002,00657C14,00657C14,00000000,0040C5F0,?,?,?,00000000,?,0040CED0,00000000,0040CF2F), ref: 0040C5D5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                                              • String ID: en-US,en,
                                                                                                                                              • API String ID: 975949045-3579323720
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,0060CC92,?,?,?,00000000,00000000,00000000,00000000,00000000,?,00611C85,00000000,00611C99), ref: 0060CB9E
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0060CBE2
                                                                                                                                                • Part of subcall function 005EB7F4: GetLastError.KERNEL32(00000000,005EC50A,00000005,00000000,005EC532,?,?,0065B16C,?,00000000,00000000,00000000,?,00643607,00000000,00643622), ref: 005EB7F7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                                                                              • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                                                                              • API String ID: 1914119943-2711329623
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A4018: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005A402B
                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,0060D1CC,00000000, /s ",0065B16C,regsvr32.exe",?,0060D1CC), ref: 0060D13A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseDirectoryHandleSystem
                                                                                                                                              • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                                                              • API String ID: 2051275411-1862435767
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005EC2F6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                              • String ID: $d$.tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                                              • API String ID: 390214022-708969318
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetDC.USER32(00000000), ref: 005AC57D
                                                                                                                                                • Part of subcall function 004D0C1C: EnterCriticalSection.KERNEL32(?,00000000,004D0E8B,?,?), ref: 004D0C64
                                                                                                                                              • SelectObject.GDI32(hZ`,00000000), ref: 005AC59F
                                                                                                                                              • GetTextExtentPointW.GDI32(hZ`,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005AC5B3
                                                                                                                                              • GetTextMetricsW.GDI32(hZ`,?,00000000,005AC5F8,?,00000000,?,?,00605A68), ref: 005AC5D5
                                                                                                                                              • ReleaseDC.USER32 ref: 005AC5F2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Text$CriticalEnterExtentMetricsObjectPointReleaseSectionSelect
                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz$hZ`
                                                                                                                                              • API String ID: 1334710084-3217084166
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?,004055FF), ref: 004083DD
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?,00408576,0040559F,004055E6,?,?), ref: 004083E3
                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?,?), ref: 004083FE
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0040845C,?,?), ref: 00408404
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite
                                                                                                                                              • String ID: DSe$Error$Runtime error at 00000000
                                                                                                                                              • API String ID: 3320372497-208395504
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0040D848,0040D8AE,?,00000000,?,?,0040DBD1,00000000,?,00000000,0040E0D2,00000000), ref: 004043A2
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040D848,0040D8AE,?,00000000,?,?,0040DBD1,00000000,?,00000000,0040E0D2), ref: 004043BC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000000,00610A82,?,00000000,?), ref: 006109C4
                                                                                                                                                • Part of subcall function 005EC90C: FindClose.KERNEL32(000000FF,005ECA01), ref: 005EC9F0
                                                                                                                                              Strings
                                                                                                                                              • Failed to strip read-only attribute., xrefs: 00610992
                                                                                                                                              • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 0061099E
                                                                                                                                              • Deleting directory: %s, xrefs: 0061094B
                                                                                                                                              • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00610A3B
                                                                                                                                              • Failed to delete directory (%d)., xrefs: 00610A5C
                                                                                                                                              • Stripped read-only attribute., xrefs: 00610986
                                                                                                                                              • Failed to delete directory (%d). Will retry later., xrefs: 006109DD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseErrorFindLast
                                                                                                                                              • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                                                              • API String ID: 754982922-1448842058
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCapture.USER32 ref: 0059658E
                                                                                                                                              • IsWindowUnicode.USER32(00000000), ref: 005965D1
                                                                                                                                              • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005965EC
                                                                                                                                              • SendMessageA.USER32(00000000,-0000BBEE,00000000,00000000), ref: 0059660B
                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 0059661A
                                                                                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 0059662B
                                                                                                                                              • SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 0059664B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1994056952-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040781C: GetCurrentThreadId.KERNEL32 ref: 0040781F
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00407393
                                                                                                                                              • GetTickCount.KERNEL32 ref: 004073AB
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004073DA
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00407405
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040743C
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00407466
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004074D6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountTick$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3968769311-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 0063074C
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 00630765
                                                                                                                                              • CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063078F
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 006307AD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandle$AttributesCloseCreateModule
                                                                                                                                              • String ID: GetFinalPathNameByHandleW$kernel32.dll
                                                                                                                                              • API String ID: 791737717-340263132
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 0040710D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407113
                                                                                                                                              • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040712F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                                              • API String ID: 4275029093-79381301
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00638D00
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,00641DE1,00000000,006426FF), ref: 00638D2F
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00638D44
                                                                                                                                              • SetWindowLongW.USER32 ref: 00638D6B
                                                                                                                                              • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 00638D84
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 00638DA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Long$Show
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3609083571-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00404872
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 00404878
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00404897
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 0040489D
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 004048B4
                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 004048BA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3320372497-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000000,000000FF,00404828,00000000,0040D8EF,00000000,0040DDFD,00000000,0040E0BF,00000000,0040E0F5), ref: 0040403F
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,000000FF,00404828,00000000,0040D8EF,00000000,0040DDFD,00000000,0040E0BF,00000000,0040E0F5), ref: 00404055
                                                                                                                                              • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404828,00000000,0040D8EF,00000000,0040DDFD,00000000,0040E0BF,00000000,0040E0F5), ref: 00404083
                                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404828,00000000,0040D8EF,00000000,0040DDFD,00000000,0040E0BF,00000000,0040E0F5), ref: 00404099
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005F3F15
                                                                                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005F3F3C
                                                                                                                                              • SetForegroundWindow.USER32(?,00000000,005F4214,?,00000000,005F4252), ref: 005F3F4D
                                                                                                                                              • DefWindowProcW.USER32(00000000,?,?,?,00000000,005F4214,?,00000000,005F4252), ref: 005F41FF
                                                                                                                                              Strings
                                                                                                                                              • Cannot evaluate variable because [Code] isn't running yet, xrefs: 005F4087
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessagePostWindow$ForegroundProc
                                                                                                                                              • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                                                                                              • API String ID: 602442252-3182603685
                                                                                                                                              • Opcode ID: 396aaf116f254f7effe95f5ed93830dbf4bf757d1d3c914288a9a6f353578a4f
                                                                                                                                              • Instruction ID: 0bf18be0f6d700584a8fd7bd9f5f2b4fddff586dbd5b58486b4264e1a0a6eb58
                                                                                                                                              • Opcode Fuzzy Hash: 396aaf116f254f7effe95f5ed93830dbf4bf757d1d3c914288a9a6f353578a4f
                                                                                                                                              • Instruction Fuzzy Hash: 3B91BF346042089FE715DF68D965F6ABBF6FB89700F1184A9FA049B7A1CB78AD40CF14
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00596428: SetWindowTextW.USER32(?,00000000), ref: 00596459
                                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,00643144,?,?,00000000), ref: 00642ED6
                                                                                                                                                • Part of subcall function 005A4018: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005A402B
                                                                                                                                                • Part of subcall function 004216E4: SetCurrentDirectoryW.KERNEL32(00000000,?,00642EFE,00000000,0064310B,?,?,00000005,00000000,00643144,?,?,00000000), ref: 004216EF
                                                                                                                                                • Part of subcall function 005A3B6C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005A3C01,?,?,?,00000001,?,005EE95A,00000000,005EE9C5), ref: 005A3BA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                                                                              • String ID: .dat$.msg$IMsg$Uninstall
                                                                                                                                              • API String ID: 3312786188-1660910688
                                                                                                                                              • Opcode ID: dc4bad10d1740db17d168f559c2ac3dbaee8d057c0bd31d87a59e27b3a61736c
                                                                                                                                              • Instruction ID: aaf2b6a5a2e52d64610dffd712784688f67b973c620bcdbd3448a7b676c1cdee
                                                                                                                                              • Opcode Fuzzy Hash: dc4bad10d1740db17d168f559c2ac3dbaee8d057c0bd31d87a59e27b3a61736c
                                                                                                                                              • Instruction Fuzzy Hash: 43419034A006059FCB10EFA8DD5699EBBB6FB8A314F518465F400A7762CB34AE04CFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendMessageW.USER32(?,00000B06,00000000,00000000), ref: 005F399A
                                                                                                                                              • SendMessageW.USER32(00000000,00000B00,00000000,00000000), ref: 005F3A37
                                                                                                                                              Strings
                                                                                                                                              • <9_, xrefs: 005F39E9
                                                                                                                                              • Failed to create DebugClientWnd, xrefs: 005F3A00
                                                                                                                                              • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 005F39C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend
                                                                                                                                              • String ID: <9_$Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                                                                              • API String ID: 3850602802-1926086703
                                                                                                                                              • Opcode ID: 3982c4321f1eb59b3ec73fbbe85e6df61183a7c6913be66acf5c57fa30126bc4
                                                                                                                                              • Instruction ID: 3250160471eed9ada5ea830bd38fe803840a5dce5d4da15b2f77b074d9efc01f
                                                                                                                                              • Opcode Fuzzy Hash: 3982c4321f1eb59b3ec73fbbe85e6df61183a7c6913be66acf5c57fa30126bc4
                                                                                                                                              • Instruction Fuzzy Hash: 5B11C1B16043419FF300EB29CC81B6A7FD8AB88304F140069F7C58B391DBB95944CBA6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 0060CF4A
                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 0060CF6D
                                                                                                                                              • CloseHandle.KERNEL32(?,0060CFA0,00000001,00000000,000000FF,000004FF,00000000,0060CF99), ref: 0060CF93
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                                                                              • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                                                                              • API String ID: 2573145106-3235461205
                                                                                                                                              • Opcode ID: a4ef553bef9745de59718cf4f8301b32cd81ed13359e7eea631fe578b41d31a3
                                                                                                                                              • Instruction ID: e2cfc44939e3016eb53af9faac779c730ea5e72d7bf3c087b316fe49c30acad1
                                                                                                                                              • Opcode Fuzzy Hash: a4ef553bef9745de59718cf4f8301b32cd81ed13359e7eea631fe578b41d31a3
                                                                                                                                              • Instruction Fuzzy Hash: E501F230684202AFDB18EBA9CD42E9B7BEAEF89730F110361F510D73E1CB709D408656
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 0040566B
                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 00405671
                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 00405680
                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 00405691
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID: :
                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                              • Opcode ID: 07451cd3840e142b4bbe21be877f75ec33b3997126205fcf31e678c3acf2bcb7
                                                                                                                                              • Instruction ID: 235d6df361bd0d32668981a988864fb0fb722a42ac84d823f2286f0eede1056f
                                                                                                                                              • Opcode Fuzzy Hash: 07451cd3840e142b4bbe21be877f75ec33b3997126205fcf31e678c3acf2bcb7
                                                                                                                                              • Instruction Fuzzy Hash: 0FF0F061140B447AD320EB65C852AEB72DCDF44305F40883F7AC8D73D2E67E8948976A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000000,0045F2E0,?,?,0043ED1C,00000001), ref: 0045F21E
                                                                                                                                                • Part of subcall function 00420E40: CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,0043ED1C,0045F260,00000000,0045F2E0,?,?,0043ED1C), ref: 00420E8F
                                                                                                                                                • Part of subcall function 00421294: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,?,?,0043ED1C,0045F27B,00000000,0045F2E0,?,?,0043ED1C,00000001), ref: 004212B7
                                                                                                                                              • GetLastError.KERNEL32(00000000,0045F2E0,?,?,0043ED1C,00000001), ref: 0045F285
                                                                                                                                                • Part of subcall function 00425328: FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,0043ED1C,00000000,?,0045F294,00000000,0045F2E0), ref: 0042534C
                                                                                                                                                • Part of subcall function 00425328: LocalFree.KERNEL32(00000001,004253A5,00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,0043ED1C,00000000,?,0045F294,00000000,0045F2E0), ref: 00425398
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CreateFileFormatFreeFullLocalMessageNamePath
                                                                                                                                              • String ID: 86A$@6A$HwC
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 00594506
                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 00594532
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00594537
                                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 00594560
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 0059456D
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,$d,?,00000000,005EBE53), ref: 005EBE03
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,$d,?,00000000,005EBE53), ref: 005EBE13
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                              • String ID: $d$.tmp
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00597414: GetCursorPos.USER32 ref: 0059741B
                                                                                                                                              • SetTimer.USER32(00000000,00000000,5FCC754F,00000000), ref: 0059758B
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 005975C5
                                                                                                                                              • WaitMessage.USER32(00000000,00597609,?,?,?,00000000), ref: 005975E9
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentCursorMessageThreadTimerWait
                                                                                                                                              • String ID: DPe
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,000000EC,00000000,0064355A,?,?,0065B16C,?,0064398A,00000000,00643994,?,00000000,006439C4,?,?), ref: 006434CC
                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,000000EC,00000000,0064355A,?,?,0065B16C,?,0064398A,00000000,00643994,?,00000000,006439C4), ref: 006434F5
                                                                                                                                              • MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,000000EC,00000000,0064355A,?,?,0065B16C,?,0064398A,00000000,00643994,?,00000000), ref: 0064350E
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$Attributes$Move
                                                                                                                                              • String ID: isRS-%.3u.tmp
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A2F64: GetFullPathNameW.KERNEL32(00000000,00001000,?,?,00000002,?,?,0065B16C,00000000,005EC257,00000000,005EC532,?,?,0065B16C), ref: 005A2F95
                                                                                                                                              • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0060CAC3
                                                                                                                                              • RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0060CADF
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Type$FullLoadNamePathRegister
                                                                                                                                              • String ID: LoadTypeLib$RegisterTypeLib
                                                                                                                                              • API String ID: 4170313675-2435364021
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000020), ref: 005EC454
                                                                                                                                                • Part of subcall function 004210E4: DeleteFileW.KERNEL32(00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 004210F4
                                                                                                                                                • Part of subcall function 004210E4: GetLastError.KERNEL32(00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00421103
                                                                                                                                                • Part of subcall function 004210E4: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000,00000000), ref: 0042110B
                                                                                                                                                • Part of subcall function 004210E4: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,0065B16C,?,0064396F,00000000,006439C4,?,?,00000005,?,00000000,00000000), ref: 00421126
                                                                                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 005EC481
                                                                                                                                                • Part of subcall function 005EB7F4: GetLastError.KERNEL32(00000000,005EC50A,00000005,00000000,005EC532,?,?,0065B16C,?,00000000,00000000,00000000,?,00643607,00000000,00643622), ref: 005EB7F7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AttributesErrorLast$DeleteDirectoryMoveRemove
                                                                                                                                              • String ID: DeleteFile$MoveFile
                                                                                                                                              • API String ID: 3947864702-139070271
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A45D0: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005A4CAA,?,00000000,?,005A4C4A,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA), ref: 005A45EC
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000003,0060F210,00000003,00000000,0060F55F,00000000,0060F719,?,0060F210,?,00000000,00000000), ref: 0060F409
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseOpen
                                                                                                                                              • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                                                                              • API String ID: 47109696-2631785700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetDC.USER32(00000000), ref: 005A4B57
                                                                                                                                              • EnumFontsW.GDI32(?,00000000,005A4B34,00000000,00000000,^^,?,00000000), ref: 005A4B82
                                                                                                                                              • ReleaseDC.USER32 ref: 005A4B9A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumFontsRelease
                                                                                                                                              • String ID: ^^
                                                                                                                                              • API String ID: 2694381407-3701981938
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 005A4604
                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,RegDeleteKeyExW,?,00000000,005A47EB,00000000,005A4803,?,?,?), ref: 005A461F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteHandleModule
                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                              • API String ID: 3550747403-4033151799
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000004,006539D4,005F3A1E,005F3E98,005F393C,?,00000B06,00000000,00000000), ref: 005A52B6
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                                • Part of subcall function 005A5200: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005A52F6,?,00000004,006539D4,005F3A1E,005F3E98,005F393C,?,00000B06,00000000,00000000), ref: 005A5217
                                                                                                                                              • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,?,00000004,006539D4,005F3A1E,005F3E98,005F393C,?,00000B06,00000000,00000000), ref: 005A52E7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule$AddressChangeFilterMessageProcWindow
                                                                                                                                              • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                                                                                              • API String ID: 989041661-2676053874
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,00000000,004D0E8B,?,?), ref: 004D0C64
                                                                                                                                              • LeaveCriticalSection.KERNEL32(005AC5F0,004D0E62,?,00000000,004D0E8B,?,?), ref: 004D0E55
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID: Default$hZ`
                                                                                                                                              • API String ID: 3168844106-2695253099
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040C3E1
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040C43F
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040C49C
                                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040C4CF
                                                                                                                                                • Part of subcall function 0040C38C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040C44D), ref: 0040C3A3
                                                                                                                                                • Part of subcall function 0040C38C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040C44D), ref: 0040C3C0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2255706666-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • MulDiv.KERNEL32(?,?,?), ref: 005AC68D
                                                                                                                                              • MulDiv.KERNEL32(?,005AC7BF,?), ref: 005AC6A0
                                                                                                                                              • MulDiv.KERNEL32(?,?,?), ref: 005AC6B7
                                                                                                                                              • MulDiv.KERNEL32(?,005AC7BF,?), ref: 005AC6D5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsWindowVisible.USER32 ref: 0059777B
                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 005977BD
                                                                                                                                              • SetWindowLongW.USER32 ref: 005977D7
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,C31852FF,?,00000000,?,00597891,?,?,?,00000000), ref: 005977FF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Long$Visible
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2967648141-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceW.KERNEL32(?,?,?,0043FA20,?,00000001,00000000,?,0045F9EE,00000000,00000000,?,0065B16C,?,?,00636ECC), ref: 0045FAC3
                                                                                                                                              • LoadResource.KERNEL32(?,0045FB48,?,?,?,0043FA20,?,00000001,00000000,?,0045F9EE,00000000,00000000,?,0065B16C,?), ref: 0045FADD
                                                                                                                                              • SizeofResource.KERNEL32(?,0045FB48,?,0045FB48,?,?,?,0043FA20,?,00000001,00000000,?,0045F9EE,00000000,00000000), ref: 0045FAF7
                                                                                                                                              • LockResource.KERNEL32(0045F394,00000000,?,0045FB48,?,0045FB48,?,?,?,0043FA20,?,00000001,00000000,?,0045F9EE,00000000), ref: 0045FB01
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3473537107-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A45D0: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005A4CAA,?,00000000,?,005A4C4A,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005A4CAA), ref: 005A45EC
                                                                                                                                              • RegDeleteValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,?,?,006126CB), ref: 005EE668
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,?,006126CB), ref: 005EE671
                                                                                                                                              • RemoveFontResourceW.GDI32(00000000), ref: 005EE67E
                                                                                                                                              • SendNotifyMessageW.USER32(0000FFFF,0000001D,00000000,00000000), ref: 005EE692
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4283692357-0
                                                                                                                                              • Opcode ID: 91c6243e915a3404665ef1d0729168e480ac65a806372a1ab6a84d5cf4e33b57
                                                                                                                                              • Instruction ID: a30f366eede687ae21e828cb399b3e5c73358afb4d395a5c14b56e92d6638c49
                                                                                                                                              • Opcode Fuzzy Hash: 91c6243e915a3404665ef1d0729168e480ac65a806372a1ab6a84d5cf4e33b57
                                                                                                                                              • Instruction Fuzzy Hash: 6EF054B275030166EA10F6B6AD47F9B268C5F84B44F14482AB644EB1D2DAA8DC41866D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 004ECC0D
                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,00598572,?,?,00000000,00000001,0059686F,?,00000000,00000000,00000000,00000001,?,00000000), ref: 004ECC16
                                                                                                                                              • GlobalFindAtomW.KERNEL32(00000000), ref: 004ECC2B
                                                                                                                                              • GetPropW.USER32 ref: 004ECC42
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2582817389-0
                                                                                                                                              • Opcode ID: a305be3a5aaa0efe35dc760f942e5e80f1c776838ed18a68f3009d37d3a00938
                                                                                                                                              • Instruction ID: 36180291bc81029fd2c6c8b7d935bd8aeeeec9b5166e67ada58dac2d23776617
                                                                                                                                              • Opcode Fuzzy Hash: a305be3a5aaa0efe35dc760f942e5e80f1c776838ed18a68f3009d37d3a00938
                                                                                                                                              • Instruction Fuzzy Hash: 53F0ECA26002915ADA30F7775DC1877228C8B0439A714156BFD09C7242C66CCC47D3FD
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008), ref: 006305AD
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008), ref: 006305B3
                                                                                                                                              • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 006305D5
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 006305E6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 215268677-0
                                                                                                                                              • Opcode ID: beaf13ca6dcdc4214629942012b1a0eac9a9662edadfd46b00e955bc16c9213b
                                                                                                                                              • Instruction ID: e7dc13fcac834a13ff8d9b01251f86dd7ce7e76202a8378fff9b600f36561095
                                                                                                                                              • Opcode Fuzzy Hash: beaf13ca6dcdc4214629942012b1a0eac9a9662edadfd46b00e955bc16c9213b
                                                                                                                                              • Instruction Fuzzy Hash: 66F030B46443007BE600EAA58D82FDB72DCAB44724F004929BF94C7291D778D859D766
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetDC.USER32(00000000), ref: 004D7F19
                                                                                                                                              • SelectObject.GDI32(00000000,058A00B4), ref: 004D7F2B
                                                                                                                                              • GetTextMetricsW.GDI32(00000000,?,00000000,058A00B4,00000000), ref: 004D7F36
                                                                                                                                              • ReleaseDC.USER32 ref: 004D7F47
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MetricsObjectReleaseSelectText
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2013942131-0
                                                                                                                                              • Opcode ID: cb2ccd48719909d171b431e2836b4b58f56dd6c62d32136654e9759aee33fe23
                                                                                                                                              • Instruction ID: 68571fdfedaeb46b945dfb918bc852c20f8739b671d35cec57a4c246c5375620
                                                                                                                                              • Opcode Fuzzy Hash: cb2ccd48719909d171b431e2836b4b58f56dd6c62d32136654e9759aee33fe23
                                                                                                                                              • Instruction Fuzzy Hash: ABE0486164666133D921E2660D52BEB26488F412A9F08115BFD44D93D1E64DC95082FA
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegEnumKeyExW.ADVAPI32(006426FF,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,005A47D5,?,006426FF,00000008,00000000,00000000,005A4803), ref: 005A4749
                                                                                                                                              • RegCloseKey.ADVAPI32(006426FF,005A47DC,?,00000000,00000000,00000000,00000000,00000000,005A47D5,?,006426FF,00000008,00000000,00000000,005A4803), ref: 005A47CF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseEnum
                                                                                                                                              • String ID: @&d
                                                                                                                                              • API String ID: 2818636725-114979511
                                                                                                                                              • Opcode ID: 7d895a5338614542f554597b1e32854d75357c752bbe5b71099f4e3e4a821345
                                                                                                                                              • Instruction ID: 8cffb6f52b91e46fc4b840fd11455cd1c93b91b23572a7cf3212c6bcb06dbe23
                                                                                                                                              • Opcode Fuzzy Hash: 7d895a5338614542f554597b1e32854d75357c752bbe5b71099f4e3e4a821345
                                                                                                                                              • Instruction Fuzzy Hash: 0C418E35A002489FDB11DBE5C981BAEBBF9FB8A300F614479E501A3281D7B4AE01CF64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 005ED9C0
                                                                                                                                              • GetLastError.KERNEL32(00000000,005EDA08,?,?,?,00000001), ref: 005ED9CF
                                                                                                                                                • Part of subcall function 005A4018: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005A402B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                                                                              • String ID: <
                                                                                                                                              • API String ID: 893404051-4251816714
                                                                                                                                              • Opcode ID: d7908b4fe6dc5f3209647646d91c846216d3d730573c171ee948be2033c91d0c
                                                                                                                                              • Instruction ID: 0b1b6a285f36b22d6070b2703f1eb0bf734759d106ad89d5d675630a24275148
                                                                                                                                              • Opcode Fuzzy Hash: d7908b4fe6dc5f3209647646d91c846216d3d730573c171ee948be2033c91d0c
                                                                                                                                              • Instruction Fuzzy Hash: F4212E70904249DFDB14EF6AC8826AE7BF8BF49344F50043AF894E7282E7749D55CBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00641826
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window
                                                                                                                                              • String ID: /INITPROCWND=$%x $@
                                                                                                                                              • API String ID: 2353593579-4169826103
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessW.KERNEL32 ref: 00640F81
                                                                                                                                              • CloseHandle.KERNEL32(0064102C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00640FE8,?,00640FD8,00000000), ref: 00640F9E
                                                                                                                                                • Part of subcall function 00640E6C: GetLastError.KERNEL32(00000000,00640F07,?,?,?), ref: 00640E8F
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCreateErrorHandleLastProcess
                                                                                                                                              • String ID: D
                                                                                                                                              • API String ID: 3798668922-2746444292
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005EDCC4: GetCurrentProcess.KERNEL32(00000028), ref: 005EDCD4
                                                                                                                                                • Part of subcall function 005EDCC4: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 005EDCDA
                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 00642680
                                                                                                                                              Strings
                                                                                                                                              • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 006426B7
                                                                                                                                              • Restarting Windows., xrefs: 00642657
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                                                                                              • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                                                                                                                              • API String ID: 3179053593-4147564754
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0063752C: FreeLibrary.KERNEL32(?,006431D0,00000000,006431DF,?,?,?,?,?,00643CC3), ref: 00637542
                                                                                                                                                • Part of subcall function 00637148: GetTickCount.KERNEL32 ref: 00637190
                                                                                                                                                • Part of subcall function 005F3B34: SendMessageW.USER32(00000000,00000B01,00000000,00000000), ref: 005F3B53
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,00643CC3), ref: 006431F9
                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,00643CC3), ref: 006431FF
                                                                                                                                              Strings
                                                                                                                                              • Detected restart. Removing temporary directory., xrefs: 006431B3
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                                                              • String ID: Detected restart. Removing temporary directory.
                                                                                                                                              • API String ID: 1717587489-3199836293
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 005A53DC: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005A535A,?,?,?,006422F1,0000000A,00000002,00000001,00000031,00000000,0064251F), ref: 005A53EA
                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,?,?,006422F1,0000000A,00000002,00000001,00000031,00000000,0064251F,?,00000000,006425EC), ref: 005A5364
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule$AddressProc
                                                                                                                                              • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                                                                              • API String ID: 1883125708-2866557904
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,005EBFD8,00000000,005EC0AA,?,?,0065B16C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005A405E
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                              • API String ID: 1646373207-1816364905
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005A52F6,?,00000004,006539D4,005F3A1E,005F3E98,005F393C,?,00000B06,00000000,00000000), ref: 005A5217
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                                              • API String ID: 1646373207-2498399450
                                                                                                                                              • Opcode ID: b62467616f63258a312a08c8a8a409e1b453f71dd6167f5c57737f0a763e89f1
                                                                                                                                              • Instruction ID: 726b0114cabd36baeae771cb15df2cf163634593511f32ff084c3263a9a165a4
                                                                                                                                              • Opcode Fuzzy Hash: b62467616f63258a312a08c8a8a409e1b453f71dd6167f5c57737f0a763e89f1
                                                                                                                                              • Instruction Fuzzy Hash: 60E048B4240B00AFFB51EF649D55F593BA5FF46316F102419B24096190D7B824C8CED0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005A535A,?,?,?,006422F1,0000000A,00000002,00000001,00000031,00000000,0064251F), ref: 005A53EA
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                                                                              • API String ID: 1646373207-260599015
                                                                                                                                              • Opcode ID: ca07dcaec19f494e2c9996d0ac0f74c4b8a2d70f9398634215657c7247be9d31
                                                                                                                                              • Instruction ID: 771d4dad54d0fccad98d8b86be165bb69176f33293bb73d96dee2fae684d4553
                                                                                                                                              • Opcode Fuzzy Hash: ca07dcaec19f494e2c9996d0ac0f74c4b8a2d70f9398634215657c7247be9d31
                                                                                                                                              • Instruction Fuzzy Hash: A4D0C9A2395B63262E15B5F91CC2CEF4A8CA95B2AB3244076FB00D6142FA99CC9211A5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0064E4FE,00000001,00000000,0064E524,?,?,000000EC,00000000), ref: 00643D02
                                                                                                                                                • Part of subcall function 00412174: GetProcAddress.KERNEL32(?,?), ref: 0041219E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.655739480.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000008.00000002.655732378.0000000000400000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655979581.000000000064F000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655990986.000000000065A000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.655999307.000000000065D000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656006417.000000000065F000.00000008.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656013510.0000000000661000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656019825.0000000000662000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 00000008.00000002.656026252.0000000000664000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_400000_VoicemodSetup_2.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                                                                              • API String ID: 1646373207-834958232
                                                                                                                                              • Opcode ID: 5bab2f4d02a5c1ef6fc183c00f907bf16da93b2ed269001b918c4644a1deab67
                                                                                                                                              • Instruction ID: f99cfd8ccd77d0cb15f20206fd3b3e0a4cadd90644d09abc461b3d418eca9678
                                                                                                                                              • Opcode Fuzzy Hash: 5bab2f4d02a5c1ef6fc183c00f907bf16da93b2ed269001b918c4644a1deab67
                                                                                                                                              • Instruction Fuzzy Hash: BDB012B0FC0323316F147AF20F0388D042A8C8070C72100653600D0383CDD8C3515075
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:2.6%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:8.7%
                                                                                                                                              Total number of Nodes:400
                                                                                                                                              Total number of Limit Nodes:26

                                                                                                                                              Graph

12752 7ff7f8832c98 12750->12752 12753 7ff7f8832c83 12750->12753 12751->12718 12754 7ff7f884a4a0 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t free 12752->12754 12753->12748 12753->12752 12754->12751 12756 7ff7f884a862 RtlLookupFunctionEntry 12755->12756 12757 7ff7f884a878 RtlVirtualUnwind 12756->12757 12758 7ff7f884a79e 12756->12758 12757->12756 12757->12758 12759 7ff7f884a740 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12758->12759 12289 7ff7f884a594 12293 7ff7f884af98 SetUnhandledExceptionFilter 12289->12293

                                                                                                                                              Executed Functions

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$AllocCurrentFormatFreeGlobalHandleInitializeLibraryLoadLocalMessageModuleProcessmemsetstrncpy
                                                                                                                                              • String ID: AvRevertMmThreadCharacteristics$AvRtCreateThreadOrderingGroup$AvRtDeleteThreadOrderingGroup$AvRtWaitOnThreadOrderingGroup$AvSetMmThreadCharacteristicsA$AvSetMmThreadPriority$IsWow64Process$Windows WASAPI$avrt.dll$kernel32
                                                                                                                                              • API String ID: 251791136-3651346807
                                                                                                                                              • Opcode ID: 8de09b369b9711617f9a87ddd2fbfe6e50d977d44d45b79f92953de5cdef1483
                                                                                                                                              • Instruction ID: 4fc319bcf574ca2857685a7b5f2ff56640ffa0e549b05c2bcb10507ef2a48af7
                                                                                                                                              • Opcode Fuzzy Hash: 8de09b369b9711617f9a87ddd2fbfe6e50d977d44d45b79f92953de5cdef1483
                                                                                                                                              • Instruction Fuzzy Hash: 70C11832A39B4685EB11EB14E840369F3A4FB44B54F884136C96D477E4EF3CE464E7A8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClearFreePropTaskVariantwcsncpy$lstrcmpmemset$AllocByteCharCreateGlobalInstanceMultiWide__stdio_common_vsprintfmemmove
                                                                                                                                              • String ID: baddev%d
                                                                                                                                              • API String ID: 1052069348-3679634762
                                                                                                                                              • Opcode ID: 0f4bc0f9ac6df488828f53dae41e068faf1ee12eb771f6d54e9a53822a1b7d5b
                                                                                                                                              • Instruction ID: 43be8fc5d83085d48bd478ab970b5a1f47c244061b871550f203ee5c0a3c590b
                                                                                                                                              • Opcode Fuzzy Hash: 0f4bc0f9ac6df488828f53dae41e068faf1ee12eb771f6d54e9a53822a1b7d5b
                                                                                                                                              • Instruction Fuzzy Hash: 0A227D72B25B4586EB10DF69D4802ADB3B5FB98B88F804136CB1E97794DF38D424E394
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00007FF7F8833060: QueryPerformanceFrequency.KERNEL32 ref: 00007FF7F883306F
                                                                                                                                                • Part of subcall function 00007FF7F8833060: GlobalAlloc.KERNEL32 ref: 00007FF7F88330E9
                                                                                                                                                • Part of subcall function 00007FF7F8833060: GlobalFree.KERNEL32 ref: 00007FF7F8833152
                                                                                                                                              • memset.VCRUNTIME140 ref: 00007FF7F883122E
                                                                                                                                              • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7F8831242
                                                                                                                                              • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7F883125F
                                                                                                                                              • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7F8831299
                                                                                                                                              • ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z.MSVCP140 ref: 00007FF7F88312D2
                                                                                                                                              • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF7F88312FC
                                                                                                                                              • ?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7F8831311
                                                                                                                                              • ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7F883136B
                                                                                                                                              • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7F88313AA
                                                                                                                                              • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7F88313C8
                                                                                                                                              • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7F88314B2
                                                                                                                                              • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F883153F
                                                                                                                                              • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7F883158A
                                                                                                                                              • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7F8831594
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@@std@@$?setstate@?$basic_ios@Global$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?always_noconv@codecvt_base@std@@?clear@?$basic_ios@?getloc@?$basic_streambuf@AllocD@std@@@1@_Fiopen@std@@FreeFrequencyInit@?$basic_streambuf@PerformanceQueryU_iobuf@@V?$basic_streambuf@Vlocale@2@_invalid_parameter_noinfo_noreturnmemset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2638449363-0
                                                                                                                                              • Opcode ID: be9bcc11d90b6c6e14875ce9a6f877eecfa1635803bb076fd17da4a2236d6b9b
                                                                                                                                              • Instruction ID: 8b66d66dd33d731061b5f4e04cb288aaa096292f8cb73dba0aea63caa47857bd
                                                                                                                                              • Opcode Fuzzy Hash: be9bcc11d90b6c6e14875ce9a6f877eecfa1635803bb076fd17da4a2236d6b9b
                                                                                                                                              • Instruction Fuzzy Hash: E7D1D232B3864286EB10EB69D4403ADFB61FB81B68F804236DA2D53AE5DF3CD454E754
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceGlobal$AllocErrorFreeLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2782379829-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wave$DevsMessage$AllocGlobalVersion
                                                                                                                                              • String ID: MME$PA_RECOMMENDED_INPUT_DEVICE$PA_RECOMMENDED_OUTPUT_DEVICE
                                                                                                                                              • API String ID: 707006737-2983925109
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__p___argc__p___argv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1818695170-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal$ControlDevice$ChangeCloseCreateFileFindNotification
                                                                                                                                              • String ID: auds
                                                                                                                                              • API String ID: 1090069634-947481572
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Capswave
                                                                                                                                              • String ID: - Input$ - Output
                                                                                                                                              • API String ID: 2715924605-2976866139
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

[Control-flow graph image not preserved. API calls on its nodes: waveInGetDevCapsA, waveInMessage, GlobalAlloc, GlobalFree]
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Capswave
                                                                                                                                              • String ID: - Input
                                                                                                                                              • API String ID: 2715924605-3931703963
                                                                                                                                              • Opcode ID: c7b5469055e3d197614c927156775589f430bd192f72be9677a1a68b7841b10e
                                                                                                                                              • Instruction ID: b0f2afe9bd45f7305f8f60f2594a805c6670bed146c7f9fe8faaf13c9ca97071
                                                                                                                                              • Opcode Fuzzy Hash: c7b5469055e3d197614c927156775589f430bd192f72be9677a1a68b7841b10e
                                                                                                                                              • Instruction Fuzzy Hash: E661C32763C7818AE761AF15D4002BAEBA0FB85B80F884131DAAE477D5EF3CE415D764
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Global$CurrentLibraryThreadUninitialize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3615054851-0
                                                                                                                                              • Opcode ID: 46da26486862997407006d2bc2579eb119c105d187d7bf5df8466874be094e15
                                                                                                                                              • Instruction ID: ebe0dc0ec1d48b9969fa90505bab5be3986c0f815caad664edcb3e43844db058
                                                                                                                                              • Opcode Fuzzy Hash: 46da26486862997407006d2bc2579eb119c105d187d7bf5df8466874be094e15
                                                                                                                                              • Instruction Fuzzy Hash: 99313A36A3AB4586EB54AF51E440278F364EF94F84F880135CA6E47795CF3CE464A3B8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

[Control-flow graph image not preserved. API calls on its nodes: QueryPerformanceFrequency, GlobalAlloc, GlobalFree]
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFreeFrequencyPerformanceQuery
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1446827598-0
                                                                                                                                              • Opcode ID: d662df32395cdae8f02ce9d6119ab904a985f5f2d585b20572f93cfbbb3d28ff
                                                                                                                                              • Instruction ID: fb089e13695db5f9649125300b5033cdb2782a6de50d8dd72f01c6b8b129b8f5
                                                                                                                                              • Opcode Fuzzy Hash: d662df32395cdae8f02ce9d6119ab904a985f5f2d585b20572f93cfbbb3d28ff
                                                                                                                                              • Instruction Fuzzy Hash: F351407593864286E711AF19E840138F3B4FF49B61F940335D92DA72E0DF3DE462A7A8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Non-executed Functions

                                                                                                                                              Control-flow Graph

[Control-flow graph image not preserved. API calls on its nodes: SetupDiGetClassDevsA, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceAlias, SetupDiGetDeviceInterfaceDetailW, SetupDiOpenDeviceInterfaceRegKey, SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDeviceInfoList, GlobalAlloc, GetVersionExA, RegQueryValueExW, RegCloseKey, memset, memmove, _wcsnicmp, iswctype]
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Setup$Device$AliasEnumInterfaceInterfaces$AllocClassDestroyDevsGlobalInfoList
                                                                                                                                              • String ID: $FriendlyName$USB Audio$\\?\USB
                                                                                                                                              • API String ID: 899408764-570124819
                                                                                                                                              • Opcode ID: bd663e74e5722e88748aab12a47cddb739aaa13e1ad32448a1dc724ab0b70a15
                                                                                                                                              • Instruction ID: 451c5a51f5cb81ab988da36b223c014380328b9efd6657878421441e3da84501
                                                                                                                                              • Opcode Fuzzy Hash: bd663e74e5722e88748aab12a47cddb739aaa13e1ad32448a1dc724ab0b70a15
                                                                                                                                              • Instruction Fuzzy Hash: 2AF1C232B28B428AEB10AF61E8402AEF7A5FB44798F844135CE6D53AD4DF7CD414E754
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

[Control-flow graph image not preserved. API calls on its nodes: waveInAddBuffer, waveInStart, waveInGetErrorTextA, waveOutPause, waveOutWrite, waveOutRestart, waveOutGetErrorTextA, ResetEvent, GetLastError, FormatMessageA, LocalFree, _beginthreadex, SetThreadPriority, memset, strncpy]
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
• Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
• Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
• Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Errorwave$LastText$EventResetmemset$strncpy$BufferFormatFreeLocalMessagePausePriorityRestartStartThreadWrite_beginthreadex
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2292113504-0
                                                                                                                                              • Opcode ID: e18b91977c67db222f5bcbdf622380559c0fca2f038265afeb246c945fe3a669
                                                                                                                                              • Instruction ID: 56c924ae37be160d16cf6bcdddac1c0680cf2253df33fdaf102dec8886aea373
                                                                                                                                              • Opcode Fuzzy Hash: e18b91977c67db222f5bcbdf622380559c0fca2f038265afeb246c945fe3a669
                                                                                                                                              • Instruction Fuzzy Hash: FF128173A38A828AE7509F25D8403ADF3A5FB84B44F484135DE1E4B798DF38D451DBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Threadtime$TimerWaitable$CurrentEventGlobalMultipleObjectsPeriodPriorityTimeWait$AllocBeginCancelCloseControlCreateDeviceErrorFreeHandleLastmemset
                                                                                                                                              • String ID: Pro Audio
                                                                                                                                              • API String ID: 3702278133-534910083
                                                                                                                                              • Opcode ID: 9d4be4c0e70e63c06aeb8f37f4186efaefbf5107b4698225e87517db3773cc38
                                                                                                                                              • Instruction ID: 7e083de3d6e0501b557fc2f19759874eb4d21becfdc975cabbe2647207cbe387
                                                                                                                                              • Opcode Fuzzy Hash: 9d4be4c0e70e63c06aeb8f37f4186efaefbf5107b4698225e87517db3773cc38
                                                                                                                                              • Instruction Fuzzy Hash: 94229133A3DB418AEB90EB15E4443AEF3A1FB84B84F584136DA5E47794CF38E4509B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFree$memset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1840684195-0
                                                                                                                                              • Opcode ID: b7e89f333e03baeccfa8ec3635c2ba50585afbad42f878ce3ebf915e8941d643
                                                                                                                                              • Instruction ID: 40ff2d17552cfb3aa5b6a2d186d3a059d075fa5e6320a9058f242a09b5d55324
                                                                                                                                              • Opcode Fuzzy Hash: b7e89f333e03baeccfa8ec3635c2ba50585afbad42f878ce3ebf915e8941d643
                                                                                                                                              • Instruction Fuzzy Hash: A0D1A173A297828AEB58EF299400329F2E5FF44B48F484039DE5E87794DF3CE8519794
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wave$ObjectSingleWait$ErrorResetTextstrncpy$CloseEventHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3968797382-0
                                                                                                                                              • Opcode ID: badf30f35108f55086afd3896452e4ee5572380fbae024911acc5ad69cadbb61
                                                                                                                                              • Instruction ID: 7c8d0a93cc26b1c010d84a55c3e534c6c3c0072a0f8595ff81c29a98139c4063
                                                                                                                                              • Opcode Fuzzy Hash: badf30f35108f55086afd3896452e4ee5572380fbae024911acc5ad69cadbb61
                                                                                                                                              • Instruction Fuzzy Hash: B7A1C433A386828AE751AF24D8443ADF761FB84B48F984131CE2E5B2D4DF38D851D7A4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EventWait$CreateMultipleObjectObjectsSingle$InitializeUninitialize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3619541044-0
                                                                                                                                              • Opcode ID: 64a6669a2d71f1ca16f78a0dd077bb3c4e07a2d1cb3074db3c25d549fdd79fcd
                                                                                                                                              • Instruction ID: e32d23fe5498f02580abff5410cbc01d59c8a90354c72dee67a16f391f775f15
                                                                                                                                              • Opcode Fuzzy Hash: 64a6669a2d71f1ca16f78a0dd077bb3c4e07a2d1cb3074db3c25d549fdd79fcd
                                                                                                                                              • Instruction Fuzzy Hash: 15819022B38A4282EB50AF21D44037DE3A5FB84B88F884035CE5E477D4DF3DD565A7A8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateEvent
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2692171526-0
                                                                                                                                              • Opcode ID: 12e54d53949fe9e50b1c9be472c49e0529b2acfdc9ef9b3315c92e2b323f7c40
                                                                                                                                              • Instruction ID: ee0733e4d3153733f7d9999153cd4e5acd95278219ede614e6812bcb71ce9996
                                                                                                                                              • Opcode Fuzzy Hash: 12e54d53949fe9e50b1c9be472c49e0529b2acfdc9ef9b3315c92e2b323f7c40
                                                                                                                                              • Instruction Fuzzy Hash: B5815E32A39B4285FB50EF29D4543A9F3A5EB44B48F980035DE1D472D5DF38E464B3A8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CounterPerformanceQueryTimetime$Event
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3412427456-0
                                                                                                                                              • Opcode ID: 0e3578919e0d3fd49458ce61318ee20cb955fb801daa432ee8404e9a775f71a5
                                                                                                                                              • Instruction ID: ee79b01da8f2ca36612b788f2a9866a28fcfb7d678c9ca9007ec7e62d8343a47
                                                                                                                                              • Opcode Fuzzy Hash: 0e3578919e0d3fd49458ce61318ee20cb955fb801daa432ee8404e9a775f71a5
                                                                                                                                              • Instruction Fuzzy Hash: 08813532A38B858AD752EF34D040269F365FF85B84F948332EA5E27694DF38D091DB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CounterPerformanceQueryTimetime
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3486864420-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Global$wave$CloseError$HandleLaststrncpy$HeaderTextUnprepare$FormatLocalMessage
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 869473751-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$GlobalLibraryLoad$AllocFree
                                                                                                                                              • String ID: AvRevertMmThreadCharacteristics$AvSetMmThreadCharacteristicsA$AvSetMmThreadPriority$KsCreatePin$Windows WDM-KS$avrt.dll$ksuser.dll
                                                                                                                                              • API String ID: 3785403523-1390085159
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EventReset$ClassCurrentPriorityProcess_beginthreadex
                                                                                                                                              • String ID: Failed to start processing thread (timeout)!
                                                                                                                                              • API String ID: 3593172058-573555537
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wave$Error$CloseFreeGlobalLastOpenTextstrncpy$AllocCreateEventFormatHandleLocalMessage
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1992027424-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • , xrefs: 00007FF7F883D9DB
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883DA52
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandle$ControlDeviceErrorLast
                                                                                                                                              • String ID: $WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 971623060-1605171604
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc$memset
                                                                                                                                              • String ID: VerSetConditionMask$VerifyVersionInfoA$kernel32
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strncpy
                                                                                                                                              • String ID: AUDCLNT_E_NOT_INITIALIZED$AUDCLNT_S_BUFFER_EMPTY$AUDCLNT_S_POSITION_STALLED$AUDCLNT_S_THREAD_ALREADY_REGISTERED$CO_E_NOTINITIALIZED: you must call CoInitialize() before Pa_OpenStream()$E_INVALIDARG$E_POINTER$UNKNOWN ERROR
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$Allocwcsncpy$ControlCreateDeviceErrorFileFreeLast
                                                                                                                                              • String ID: H
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: fgetc
                                                                                                                                              • String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wave$Reset$ErrorEventObjectSingleTextWaitstrncpy
                                                                                                                                              • String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@ExceptionFacet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterThrowV42@@Vfacet@locale@2@std::_std::bad_alloc::bad_alloc
                                                                                                                                              • String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal$CloseHandlefree$ObjectSignalWait
                                                                                                                                              • String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFreeHeaderwave$Prepare$Unprepare
                                                                                                                                              • String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7F8832EA6
                                                                                                                                              • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?), ref: 00007FF7F8832EF6
                                                                                                                                              • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7F8832F26
                                                                                                                                              • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?), ref: 00007FF7F8832F64
                                                                                                                                              • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7F8832F9B
                                                                                                                                              • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7F8832FA2
                                                                                                                                              • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7F8832FAF
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1492985063-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7F883290A
                                                                                                                                              • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?), ref: 00007FF7F8832957
                                                                                                                                              • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?), ref: 00007FF7F8832980
                                                                                                                                              • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7F88329A6
                                                                                                                                              • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?), ref: 00007FF7F88329EE
                                                                                                                                              • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7F88329F5
                                                                                                                                              • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7F8832A02
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1492985063-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memmovememset$__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1390898107-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883ADA1, 00007FF7F883AEB7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast$__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 1041256053-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F88390B2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocControlDeviceErrorFreeLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 3475721733-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883927D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocControlDeviceErrorFreeLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 3475721733-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: bsearchmemset
                                                                                                                                              • String ID: %s$GetNameFromCategory: usbTerminalGUID = %04X $Out
                                                                                                                                              • API String ID: 543184519-2829479460
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • StopStream: GECT says not active, but streamActive = %d, xrefs: 00007FF7F88408E6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                                                              • String ID: StopStream: GECT says not active, but streamActive = %d
                                                                                                                                              • API String ID: 3774109050-3709624623
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocGlobal
                                                                                                                                              • String ID: p
                                                                                                                                              • API String ID: 3761449716-2181537457
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal$HeaderUnpreparewave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4272073931-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Global$Library
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3906374761-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options_configthreadlocale_initialize_narrow_environment_initialize_onexit_table_onexit
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544430445-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: GetVersion$kernel32
                                                                                                                                              • API String ID: 1646373207-209173450
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • (, xrefs: 00007FF7F883AFF3
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883B0B6
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: ($WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-773271522
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • , xrefs: 00007FF7F883B175
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883B239
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp Download File
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp Download File
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp Download File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: $WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-1605171604
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 685938282-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 685938282-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2979337801-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorEventLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3225175882-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InterfaceReleaseStream
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1045689898-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseEventHandleObjectSingleTerminateThreadWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1091591685-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentPriorityThread$ClassProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1171435874-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883B3BC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F8838EEF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 2645620995-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883B6F4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883B564
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u), xrefs: 00007FF7F883AA07
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000001E.00000002.444306589.00007FF7F8831000.00000020.00020000.sdmp, Offset: 00007FF7F8830000, based on PE: true
                                                                                                                                              • Associated: 0000001E.00000002.444287453.00007FF7F8830000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444362903.00007FF7F884C000.00000002.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444385334.00007FF7F8853000.00000004.00020000.sdmp
                                                                                                                                              • Associated: 0000001E.00000002.444424837.00007FF7F8854000.00000002.00020000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_30_2_7ff7f8830000_SaveDefaultDevices.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ControlDeviceErrorLast__stdio_common_vsprintfstrncpy
                                                                                                                                              • String ID: WdmSyncIoctl: DeviceIoControl GLE = 0x%08X (prop_set = {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, prop_id = %u)
                                                                                                                                              • API String ID: 183689514-2093342589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%