Edit tour

Windows Analysis Report
setup.msi

Overview

General Information

Sample name:	setup.msi
Analysis ID:	1582857
MD5:	3071ce4beeeb67a761ded31e9af3303e
SHA1:	0ae5392d7a1c2cef1a3d30363db0fefb86e64417
SHA256:	ee496f1691290fd1ae686421276bf631156b39a7f80b2c036e076f6df86f77bc
Tags:	kansascityseor-comLegionLoadermsiRobotDropperuser-aachum
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

AI detected suspicious sample

Bypasses PowerShell execution policy

Potentially malicious time measurement code found

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Msiexec Initiated Connection

Sigma detected: Suspicious MsiExec Embedding Parent

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected AdvancedInstaller

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 5780 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 1476 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6008 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489 MD5: 9D09DC1EDA745A5F87553048E57620CF)

powershell.exe (PID: 6672 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6556 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

obs-ffmpeg-mux.exe (PID: 6728 cmdline: "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)

conhost.exe (PID: 6000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

createdump.exe (PID: 6660 cmdline: "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)

conhost.exe (PID: 5360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_AdvancedInstaller	Yara detected AdvancedInstaller	Joe Security

Sigma Signatures

System Summary

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6008, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6672, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6008, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6672, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6008, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6672, ProcessName: powershell.exe

Sigma detected: Msiexec Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 6008, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704

Sigma detected: Suspicious MsiExec Embedding Parent

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6008, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6672, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:09:27.539371+0100	2829202	1	A Network Trojan was detected	192.168.2.5	49704	188.114.97.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 92.8% probability

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}

Jump to behavior

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49704 version: TLS 1.2

Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2230364693.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi
Source:	Binary string: ucrtbase.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp, vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000000.2237219754.00007FF6AB245000.00000002.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2230364693.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSI626A.tmp.1.dr, MSI623A.tmp.1.dr, MSI613C.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, MSI61FA.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb source: utest.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb((! source: utest.dll.1.dr
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, MSI61FA.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 5c5709.msi.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 4x nop then push rbx

11_2_00007FF8A7B846C0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49704 -> 188.114.97.3:443

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: kansascityseor.com

Source: unknown

HTTP traffic detected: POST /updater.php HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvancedInstallerHost: kansascityseor.comContent-Length: 71Cache-Control: no-cache

Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: utest.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: utest.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: createdump.exe.1.dr	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: createdump.exe.1.dr	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: createdump.exe.1.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: createdump.exe.1.dr	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: createdump.exe.1.dr	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: utest.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: utest.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: utest.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: utest.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2239414986.00007FF8A4AEB000.00000002.00000001.01000000.0000000B.sdmp, avformat-60.dll.1.dr	String found in binary or memory: http://dashif.org/guidelines/trickmode
Source: powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, utest.dll.1.dr, obs-ffmpeg-mux.exe.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: utest.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0H
Source: utest.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, obs-ffmpeg-mux.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: createdump.exe.1.dr	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: createdump.exe.1.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: createdump.exe.1.dr	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: createdump.exe.1.dr	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: http://schemas.micj
Source: powershell.exe, 00000004.00000002.2181932305.0000000004AF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2239414986.00007FF8A4AEB000.00000002.00000001.01000000.0000000B.sdmp, avformat-60.dll.1.dr	String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
Source: createdump.exe.1.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: createdump.exe.1.dr	String found in binary or memory: http://subca.ocsp-certum.com02
Source: createdump.exe.1.dr	String found in binary or memory: http://subca.ocsp-certum.com05
Source: powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: createdump.exe.1.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, utest.dll.1.dr, obs-ffmpeg-mux.exe.1.dr, 5c5709.msi.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: utest.dll.1.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2242775751.00007FF8A6CC0000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.videolan.org/x264.html
Source: zlib.dll.1.dr	String found in binary or memory: http://www.zlib.net/D
Source: powershell.exe, 00000004.00000002.2181932305.0000000004AF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBcq
Source: setup.msi	String found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
Source: powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: utest.dll.1.dr	String found in binary or memory: https://github.com/google/googletest/
Source: utest.dll.1.dr	String found in binary or memory: https://github.com/google/googletest/blob/master/googlemock/docs/CookBook.md#knowing-when-to-expect
Source: powershell.exe, 00000004.00000002.2181932305.0000000005388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: setup.msi, 5c5709.msi.1.dr	String found in binary or memory: https://kansascityseor.com/updater.phpx
Source: powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: createdump.exe.1.dr	String found in binary or memory: https://www.certum.pl/CPS0
Source: setup.msi, utest.dll.1.dr, 5c5709.msi.1.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5c5709.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI60CD.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI613C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI618B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61BB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61FA.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI623A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI626A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI80D0.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8601.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8612.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5c570c.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5c570c.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI60CD.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6AB242EE0	11_2_00007FF6AB242EE0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6AB242A10	11_2_00007FF6AB242A10
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B8D0	11_2_00007FF8A7B0B8D0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D8D0	11_2_00007FF8A7B0D8D0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B328B0	11_2_00007FF8A7B328B0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B84840	11_2_00007FF8A7B84840
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0E820	11_2_00007FF8A7B0E820
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B26820	11_2_00007FF8A7B26820
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B287F0	11_2_00007FF8A7B287F0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B790	11_2_00007FF8A7B0B790
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B01730	11_2_00007FF8A7B01730
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D700	11_2_00007FF8A7B0D700
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B6A0	11_2_00007FF8A7B0B6A0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BB0640	11_2_00007FF8A7BB0640
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B2C650	11_2_00007FF8A7B2C650
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B5C0	11_2_00007FF8A7B0B5C0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D5C0	11_2_00007FF8A7B0D5C0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B23580	11_2_00007FF8A7B23580
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B43560	11_2_00007FF8A7B43560
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0A520	11_2_00007FF8A7B0A520
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0E4C0	11_2_00007FF8A7B0E4C0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B224D0	11_2_00007FF8A7B224D0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B444D0	11_2_00007FF8A7B444D0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B460	11_2_00007FF8A7B0B460
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B013A0	11_2_00007FF8A7B013A0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B233E0	11_2_00007FF8A7B233E0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B380	11_2_00007FF8A7B0B380
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B45350	11_2_00007FF8A7B45350
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B46350	11_2_00007FF8A7B46350
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B44330	11_2_00007FF8A7B44330
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B2F2C0	11_2_00007FF8A7B2F2C0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0C2F0	11_2_00007FF8A7B0C2F0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B07260	11_2_00007FF8A7B07260
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D210	11_2_00007FF8A7B0D210
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0C1A0	11_2_00007FF8A7B0C1A0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0A1B0	11_2_00007FF8A7B0A1B0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B150	11_2_00007FF8A7B0B150
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B31160	11_2_00007FF8A7B31160
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B330A0	11_2_00007FF8A7B330A0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0B030	11_2_00007FF8A7B0B030
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D030	11_2_00007FF8A7B0D030
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B22F20	11_2_00007FF8A7B22F20
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0DEF0	11_2_00007FF8A7B0DEF0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B06E70	11_2_00007FF8A7B06E70
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B41E10	11_2_00007FF8A7B41E10
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0BE20	11_2_00007FF8A7B0BE20
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B1FDF0	11_2_00007FF8A7B1FDF0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B32D90	11_2_00007FF8A7B32D90
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B09D50	11_2_00007FF8A7B09D50
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B22D20	11_2_00007FF8A7B22D20
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B42CC0	11_2_00007FF8A7B42CC0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0CCE0	11_2_00007FF8A7B0CCE0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B24C80	11_2_00007FF8A7B24C80
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B01C30	11_2_00007FF8A7B01C30
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B33C00	11_2_00007FF8A7B33C00
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B4CBE0	11_2_00007FF8A7B4CBE0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B03B87	11_2_00007FF8A7B03B87
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B22BF0	11_2_00007FF8A7B22BF0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B62B80	11_2_00007FF8A7B62B80
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B32B40	11_2_00007FF8A7B32B40
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B42B60	11_2_00007FF8A7B42B60
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B45B00	11_2_00007FF8A7B45B00
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BADAA0	11_2_00007FF8A7BADAA0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B09A50	11_2_00007FF8A7B09A50
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0BA70	11_2_00007FF8A7B0BA70
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B099C0	11_2_00007FF8A7B099C0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B01990	11_2_00007FF8A7B01990
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B25980	11_2_00007FF8A7B25980
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0E9A0	11_2_00007FF8A7B0E9A0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B0D9B0	11_2_00007FF8A7B0D9B0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B309B0	11_2_00007FF8A7B309B0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7B34920	11_2_00007FF8A7B34920
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB568B0	11_2_00007FF8BFB568B0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB64B4A	11_2_00007FF8BFB64B4A
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB63AA7	11_2_00007FF8BFB63AA7
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB58DB0	11_2_00007FF8BFB58DB0
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB87508	11_2_00007FF8BFB87508

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: String function: 00007FF8BFB62038 appears 32 times
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: String function: 00007FF8A7B256C0 appears 288 times

Source: avcodec-60.dll.1.dr	Static PE information: Number of sections : 13 > 10
Source: avutil-58.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swresample-4.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swscale-7.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: zlib.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: avformat-60.dll.1.dr	Static PE information: Number of sections : 12 > 10

Source: api-ms-win-core-handle-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found

Source: setup.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameDataUploader.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameucrtbase.dllj% vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamemsvcp140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs setup.msi

Source: classification engine

Classification label: mal68.evad.winMSI@17/88@1/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CML8F11.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5360:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5268:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6000:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFBFAAE296DA8ED10A.TMP

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload

Jump to behavior

Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START:
Source: obs-ffmpeg-mux.exe	String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: obs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avcodec-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avutil-58.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avformat-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: swresample-4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: sspicli.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}

Jump to behavior

Source: setup.msi

Static file information: File size 60716544 > 1048576

Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2230364693.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi
Source:	Binary string: ucrtbase.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp, vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000000.2237219754.00007FF6AB245000.00000002.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2230364693.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSI626A.tmp.1.dr, MSI623A.tmp.1.dr, MSI613C.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, MSI61FA.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb source: utest.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb((! source: utest.dll.1.dr
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 5c5709.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, MSI61FA.tmp.1.dr, 5c5709.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 5c5709.msi.1.dr

Source: api-ms-win-core-synch-l1-2-0.dll.1.dr

Static PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B1ED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

11_2_00007FF8A7B1ED32

Source: vcruntime140.dll.1.dr	Static PE information: section name: _RDATA
Source: BCUninstaller.exe.1.dr	Static PE information: section name: _RDATA
Source: createdump.exe.1.dr	Static PE information: section name: _RDATA
Source: UnRar.exe.1.dr	Static PE information: section name: _RDATA
Source: avformat-60.dll.1.dr	Static PE information: section name: .xdata
Source: avutil-58.dll.1.dr	Static PE information: section name: .xdata
Source: swresample-4.dll.1.dr	Static PE information: section name: .xdata
Source: swscale-7.dll.1.dr	Static PE information: section name: .xdata
Source: zlib.dll.1.dr	Static PE information: section name: .xdata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .rodata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .xdata
Source: MSI8612.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI60CD.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI613C.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI618B.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI61BB.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI61FA.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI623A.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI626A.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI80D0.tmp.1.dr	Static PE information: section name: .fptable

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI623A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61FA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avformat-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avcodec-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI80D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI626A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI60CD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61BB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avutil-58.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8612.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\w32-pthreads.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI618B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swresample-4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI613C.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI623A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI626A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI60CD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI618B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61BB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI80D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI61FA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8612.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI613C.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B1B840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,

11_2_00007FF8A7B1B840

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B32D90 rdtsc

11_2_00007FF8A7B32D90

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 875			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3138			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI623A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI626A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI60CD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI61BB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI61FA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8612.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI618B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI80D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI613C.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe

API coverage: 8.2 %

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2820	Thread sleep count: 875 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2820	Thread sleep count: 3138 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6508	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2300	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: 5c5709.msi.1.dr	Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2242775751.00007FF8A68AA000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Video @
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2242775751.00007FF8A679D000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B32D90 Start: 00007FF8A7B3300F End: 00007FF8A7B32E85

11_2_00007FF8A7B32D90

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B32D90 rdtsc

11_2_00007FF8A7B32D90

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe

Code function: 8_2_00007FF7A8532ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00007FF7A8532ECC

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7B1ED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

11_2_00007FF8A7B1ED32

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Code function: 8_2_00007FF7A8532984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF7A8532984
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Code function: 8_2_00007FF7A8533074 SetUnhandledExceptionFilter,	8_2_00007FF7A8533074
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Code function: 8_2_00007FF7A8532ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF7A8532ECC
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6AB243774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF6AB243774
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6AB243C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF6AB243C5C
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6AB243E04 SetUnhandledExceptionFilter,	11_2_00007FF6AB243E04
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB9004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF8BFB9004C
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFBA6CBC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF8BFBA6CBC
Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFBA6710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF8BFBA6710

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."			Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss8679.ps1" -propfile "c:\users\user\appdata\local\temp\msi8676.txt" -scriptfile "c:\users\user\appdata\local\temp\scr8677.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr8678.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss8679.ps1" -propfile "c:\users\user\appdata\local\temp\msi8676.txt" -scriptfile "c:\users\user\appdata\local\temp\scr8677.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr8678.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe

Code function: 8_2_00007FF7A8532DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

8_2_00007FF7A8532DA0

Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7BA9720 GetTimeZoneInformation,GetSystemTimeAsFileTime,

11_2_00007FF8A7BA9720

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	12 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	21 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scripting	11 Process Injection	1 Disable or Modify Tools	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	21 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
setup.msi	7%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avcodec-60.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avformat-60.dll	3%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avutil-58.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swresample-4.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\w32-pthreads.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll	0%	ReversingLabs
C:\Windows\Installer\MSI60CD.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI613C.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI618B.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI61BB.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI61FA.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI623A.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI626A.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI80D0.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI8612.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
https://kansascityseor.com/updater.php	0%	Avira URL Cloud	safe
https://kansascityseor.com/updater.phpx	0%	Avira URL Cloud	safe
http://schemas.micj	0%	Avira URL Cloud	safe
http://ccsca2021.ocsp-certum.com05	0%	Avira URL Cloud	safe
http://dashif.org/guidelines/trickmode	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kansascityseor.com	188.114.97.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://kansascityseor.com/updater.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.certum.pl/ctsca2021.crl0o	createdump.exe.1.dr	false		high
http://repository.certum.pl/ctnca.cer09	createdump.exe.1.dr	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.certum.pl/ctnca.crl0k	createdump.exe.1.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 00000004.00000002.2181932305.0000000005388000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lBcq	powershell.exe, 00000004.00000002.2181932305.0000000004AF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.micj	setup.msi, 5c5709.msi.1.dr	false	Avira URL Cloud: safe	unknown
http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd	obs-ffmpeg-mux.exe, 0000000B.00000002.2239414986.00007FF8A4AEB000.00000002.00000001.01000000.0000000B.sdmp, avformat-60.dll.1.dr	false		high
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s	createdump.exe.1.dr	false		high
https://kansascityseor.com/updater.phpx	setup.msi, 5c5709.msi.1.dr	false	Avira URL Cloud: safe	unknown
https://www.certum.pl/CPS0	createdump.exe.1.dr	false		high
https://github.com/Pester/Pester	powershell.exe, 00000004.00000002.2181932305.0000000004C46000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2181180675.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://repository.certum.pl/ccsca2021.cer0	createdump.exe.1.dr	false		high
https://github.com/google/googletest/	utest.dll.1.dr	false		high
http://repository.certum.pl/ctsca2021.cer0	createdump.exe.1.dr	false		high
https://streams.videolan.org/upload/	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmp	false		high
http://subca.ocsp-certum.com05	createdump.exe.1.dr	false		high
http://www.zlib.net/D	zlib.dll.1.dr	false		high
http://subca.ocsp-certum.com02	createdump.exe.1.dr	false		high
http://subca.ocsp-certum.com01	createdump.exe.1.dr	false		high
http://www.videolan.org/x264.html	obs-ffmpeg-mux.exe, 0000000B.00000002.2242775751.00007FF8A6CC0000.00000002.00000001.01000000.00000009.sdmp	false		high
https://contoso.com/	powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000004.00000002.2184568875.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dashif.org/guidelines/trickmode	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2239414986.00007FF8A4AEB000.00000002.00000001.01000000.0000000B.sdmp, avformat-60.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://crl.certum.pl/ctnca2.crl0l	createdump.exe.1.dr	false		high
http://repository.certum.pl/ctnca2.cer09	createdump.exe.1.dr	false		high
http://ccsca2021.ocsp-certum.com05	createdump.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://aka.ms/winui2/webview2download/Reload():	setup.msi	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000004.00000002.2181932305.0000000004AF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.certum.pl/CPS0	createdump.exe.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	kansascityseor.com	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582857
Start date and time:	2024-12-31 17:08:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup.msi
Detection:	MAL
Classification:	mal68.evad.winMSI@17/88@1/1
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 272
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target obs-ffmpeg-mux.exe, PID 6728 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 6672 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

Time	Type	Description
11:09:28	API Interceptor	6x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	RFQ 3100185 MAHAD.exe	Get hash	malicious	FormBook	Browse	www.rgenerousrs.store/o362/
	A2028041200SD.exe	Get hash	malicious	FormBook	Browse	www.beylikduzu616161.xyz/2nga/
	Delivery_Notification_00000260791.doc.js	Get hash	malicious	Unknown	Browse	radostdetym.ru/?ad=1JXSXybzEjjRJQDbVngTy7d8kEFAxmgmDN&id=rWoA9pTQhV1o4c5fjbOa-d26BGh3QU3-Bk0PqI4WnzM-5vl4IqKPymhrqkRpunF_PTHktMR-2qUlNAtnXA&rnd=45
	ce.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/lxvbq
	Label_00000852555.doc.js	Get hash	malicious	Unknown	Browse	tamilandth.com/counter/?ad=1GNktTwWR98eDEMovFNDqyUPsyEdCxKRzC&id=LWkA9pJQhl9uXU1kaDN-eSC-55GNxzVDsLXZhtXL8Pr1j1FTCf4XAYGxA0VCjCQra2XwotFrDHGSYxM&rnd=25
	PO 20495088.exe	Get hash	malicious	FormBook	Browse	www.ssrnoremt-rise.sbs/3jsc/
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/zWkbOqX7/download
	http://kklk16.bsyo45ksda.top	Get hash	malicious	Unknown	Browse	kklk16.bsyo45ksda.top/favicon.ico
	gusetup.exe	Get hash	malicious	Unknown	Browse	www.glarysoft.com/update/glary-utilities/pro/pro50/
	Online Interview Scheduling Form.lnk	Get hash	malicious	Ducktail	Browse	gmtagency.online/api/check

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	over.ps1	Get hash	malicious	Vidar	Browse	172.64.41.3
	NL Hybrid.exe	Get hash	malicious	Titanium Proxy, PureLog Stealer	Browse	172.67.217.81
	http://trezorbridge.org/	Get hash	malicious	Unknown	Browse	104.16.79.73
	http://knoxoms.com	Get hash	malicious	Unknown	Browse	188.114.97.3
	EdYEXasNiR.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse	104.21.48.1
	DypA6KbLrn.lnk	Get hash	malicious	Unknown	Browse	104.21.87.65
	IOnqEVA4Dz.lnk	Get hash	malicious	Unknown	Browse	172.67.129.82
	HngJMpDqxP.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3
	https://br.custmercompa.de/	Get hash	malicious	Unknown	Browse	172.67.139.222

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	over.ps1	Get hash	malicious	Vidar	Browse	188.114.97.3
	MatAugust.exe	Get hash	malicious	Vidar	Browse	188.114.97.3
	DypA6KbLrn.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3
	IOnqEVA4Dz.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3
	HngJMpDqxP.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3
	setup.msi	Get hash	malicious	Unknown	Browse	188.114.97.3
	GYede3Gwn0.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	188.114.97.3
	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.114.97.3
	zku4YyCG6L.exe	Get hash	malicious	Unknown	Browse	188.114.97.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	48.252.190.9.zip	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse
	b8ygJBG5cb.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	installer.msi	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	48.252.190.9.zip	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse
	b8ygJBG5cb.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	installer.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\5c570b.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	20759
Entropy (8bit):	5.817268805110119
Encrypted:	false
SSDEEP:	384:1pLpzPtMtEu2Rws+U78xx7j7N+HnU5bFyuLDSW8AFuhWKZ1WsSkHkpdttHQEwuEo:1pLpzPtMtEu2Rws+U78xx7j7N+HnU5bz
MD5:	4798A980F615653C188CAFA0750F3DBB
SHA1:	78EC91F21C80CBCA87AE1C69EFA39C6726A22871
SHA-256:	CD6B4A63AB7421B3CB680CDF03662716C527A8A08745882FE4B46411572BA5BD
SHA-512:	DFD034C7129AECB157676F352ADF6373BCBDB543AC08387A624DF03D06286D4E60C712F584E0DA58F433131B2F1C068678FB2ED6733F4524D6EA086532C4AB60
Malicious:	false
Preview:	...@IXOS.@.....@/Y.Y.@.....@.....@.....@.....@.....@......&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}..Strave App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{5BEA70BD-B5E4-40DD-8B1F-5C981F77F6D6}.....@.....@.....@.....@.......@.....@.....@.......@......Strave App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F39C344E-A83E-4760-8DA8-F27602095B4F}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{FDDB96EE-847D-4B25-85B1-65E662CF63A8}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{9608D8ED-8EC6-4540-B232-4A823606F862}&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}.@......&.{17B6E8D6-C004-40DB-BB2D-125D7C1CC21E}&.{5B7114EE-00D6-44

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.415059038751397
Encrypted:	false
SSDEEP:	24:3Uyt3WSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NK3R82r+SVbR:ky9WSU4xymI4RfoUeW+mZ9tK8NWR82jD
MD5:	FD6EFA8F14C5DC6D31919F10350E7E37
SHA1:	19C81E14CD96499CA522E985EF49006061DDE189
SHA-256:	9BCB3D1FF78418525F66B02DAD61C5A09975BF673C27EBD9EAB7AF1B3CACBCBE
SHA-512:	EF44DB604F1990F96A422C4937D87CFA31C0793BC1E5B03EABFD464480633EACBB286A7DD31EE3250DCAC55585DC7E55EB4E504D44973A4E66D7A3AC13E4D0EA
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_han1tlwj.eeq.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vriwzcc3.0rk.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\msi8676.txt

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	3.0073551160284637
Encrypted:	false
SSDEEP:	3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
MD5:	7A131AC8F407D08D1649D8B66D73C3B0
SHA1:	D93E1B78B1289FB51E791E524162D69D19753F22
SHA-256:	9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
SHA-512:	47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
Malicious:	true
Preview:	..Q.u.i.t.e.S.e.s. .:.<.-.>.:. . .<.<.:.>.>. .E.x.t.e.n.d.E.x.p.i.r.e. .:.<.-.>.:. .0. .<.<.:.>.>. .

C:\Users\user\AppData\Local\Temp\pss8679.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6668
Entropy (8bit):	3.5127462716425657
Encrypted:	false
SSDEEP:	96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
MD5:	30C30EF2CB47E35101D13402B5661179
SHA1:	25696B2AAB86A9233F19017539E2DD83B2F75D4E
SHA-256:	53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
SHA-512:	882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
Malicious:	true
Preview:	..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\AppData\Local\Temp\scr8677.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	254
Entropy (8bit):	3.555045878547657
Encrypted:	false
SSDEEP:	6:QfFok79idK3fOlFogltHN+KiVmMXFVrMTlP1LlG7JidK3falnUOn03AnfInO:QfF3KvogM/XFVrMTQNeFUr3+
MD5:	E8A84AE0A0597E0C4FBB7FA36F7D0CA7
SHA1:	B97096DF7801FA5F91542F0F9A70616DD5D49B03
SHA-256:	9F2D8F053895BF9377A4686714833304E87A4E926B7581599D44B45380B5DFDE
SHA-512:	83960868B8DBFFEF2B3EE557AD89BB18CF80043FEB2A7BFDB0630F32A1870585158E4F4B367C72BBFDD760A586E5D1FEB73192C0E769507A6ED81E90BF4925EB
Malicious:	true
Preview:	..$.o.i.g.n.q.p. .=. .A.I._.G.e.t.M.s.i.P.r.o.p.e.r.t.y. .".Q.u.i.t.e.S.e.s.".....$.a.v.o.i.j.g. .=. .[.u.i.n.t.3.2.].(.$.o.i.g.n.q.p. .-.r.e.p.l.a.c.e. .'.t.'.,. .'.'.).....A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .".E.x.t.e.n.d.E.x.p.i.r.e.". .$.a.v.o.i.j.g.

C:\Users\user\AppData\Roaming\Microsoft\Installer\{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}\icon_24.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	dropped
Size (bytes):	195906
Entropy (8bit):	4.669224805215773
Encrypted:	false
SSDEEP:	1536:k1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykl:k1Z0vZXJZYDFufyXbJNCcr
MD5:	E40B08C6FF5F07916B45741B7D0C5E87
SHA1:	94C2357A59BAA3B537993F570CEA03EC51C1917B
SHA-256:	131ABD59B7D4B6177F2815E8CEB0F3DA325CB1074AEFBE99F61A382F1895AF44
SHA-512:	FA8453DD4936F772381E50533CD91DB8857F1A608CEB91F225300FC4E9DE8475EB416A3682D0C85829058570EBB9BBDF18CC650D36FA87E13BC262C827D0C695
Malicious:	false
Preview:	............ .............. .(.......``.... .........HH.... ..T..R"..@@.... .(B...v..00.... ..%...... .... ............... .....R......... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..yx.e.>\|.Ug?Y.N..d%...6M."....".=......v..f....5}..3.b.h#v..".....b.(...@.}..........8kr...}]\".N.[u.y.g....\|....\|....\|....\|....\|....\|....\|...[..F/......h4..h$...5.....Z.f..J%322...... .p...\HH.l6.a..c.............rC>.8\|..&..;....f.Y.q....a.?.e.x..eY6F....a..DBH...F....@..R.\v.!...QJ[....(...Z.!.@#!d.R..l'!.3..V........s3..\|..\|.`.b..LSS...._A.Q.....@. ...2.o...J)C.a(...B.a.s.B......>N.......PB.O..(.m...t..P.0L...^&..p.g.....<x..g...S......2.L..h4..a.y..#.,..A.I..@)..`.!.!.qv>W...D...Z.R...cLA..Z.\|G)..p.a.J..8..t..9......S.7.EEEZ..Q.I..;.AXJ.Y.0L....0......8Z#.....B,..J...e...p..~???...n..+...)...7.[[[.4.M0.%..{(........jA.m..)...A.x.).+.."....\|E...y.p..q..Y.m....a....CBB.,..0.s/...q.^.@1Q@nvaw.W./..#.p...J.Q.e..B..,;..._.o.Ro.....`...^....ls.!......

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	310928
Entropy (8bit):	6.001677789306043
Encrypted:	false
SSDEEP:	3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
MD5:	147B71C906F421AC77F534821F80A0C6
SHA1:	3381128CA482A62333E20D0293FDA50DC5893323
SHA-256:	7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
SHA-512:	2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: 48.252.190.9.zip, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: TrdIE26br9.msi, Detection: malicious, Browse Filename: b8ygJBG5cb.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: installer.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8.}\|...\|...\|....../p....../v....../1...u.a.l....../u...\|........./v....../}...Rich\|...........PE..d...i..d..........".................`<.........@..........................................`.................................................t$...........S...`..@........(..............T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..@....`.......&..............@..@_RDATA...............<..............@..@.rsrc....S.......T...>..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	506008
Entropy (8bit):	6.4284173495366845
Encrypted:	false
SSDEEP:	6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
MD5:	98CCD44353F7BC5BAD1BC6BA9AE0CD68
SHA1:	76A4E5BF8D298800C886D29F85EE629E7726052D
SHA-256:	E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
SHA-512:	D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: 48.252.190.9.zip, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: TrdIE26br9.msi, Detection: malicious, Browse Filename: b8ygJBG5cb.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: installer.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............\|.&.....\|.$.J...\|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................\|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.596101286914553
Encrypted:	false
SSDEEP:	192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
MD5:	919E653868A3D9F0C9865941573025DF
SHA1:	EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
SHA-256:	2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
SHA-512:	6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.640081558424349
Encrypted:	false
SSDEEP:	192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
MD5:	7676560D0E9BC1EE9502D2F920D2892F
SHA1:	4A7A7A99900E41FF8A359CA85949ACD828DDB068
SHA-256:	00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
SHA-512:	F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6023398138369505
Encrypted:	false
SSDEEP:	192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
MD5:	AC51E3459E8FCE2A646A6AD4A2E220B9
SHA1:	60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
SHA-256:	77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
SHA-512:	6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.614262942006268
Encrypted:	false
SSDEEP:	192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
MD5:	B0E0678DDC403EFFC7CDC69AE6D641FB
SHA1:	C1A4CE4DED47740D3518CD1FF9E9CE277D959335
SHA-256:	45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
SHA-512:	2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.654155040985372
Encrypted:	false
SSDEEP:	192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
MD5:	94788729C9E7B9C888F4E323A27AB548
SHA1:	B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
SHA-256:	ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
SHA-512:	AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15304
Entropy (8bit):	6.548897063441128
Encrypted:	false
SSDEEP:	192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
MD5:	580D9EA2308FC2D2D2054A79EA63227C
SHA1:	04B3F21CBBA6D59A61CD839AE3192EA111856F65
SHA-256:	7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
SHA-512:	97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.622041192039296
Encrypted:	false
SSDEEP:	192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
MD5:	35BC1F1C6FBCCEC7EB8819178EF67664
SHA1:	BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
SHA-256:	7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
SHA-512:	9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.730719514840594
Encrypted:	false
SSDEEP:	192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
MD5:	3BF4406DE02AA148F460E5D709F4F67D
SHA1:	89B28107C39BB216DA00507FFD8ADB7838D883F6
SHA-256:	349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
SHA-512:	5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.626458901834476
Encrypted:	false
SSDEEP:	192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
MD5:	BBAFA10627AF6DFAE5ED6E4AEAE57B2A
SHA1:	3094832B393416F212DB9107ADD80A6E93A37947
SHA-256:	C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
SHA-512:	D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.577869728469469
Encrypted:	false
SSDEEP:	192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
MD5:	3A4B6B36470BAD66621542F6D0D153AB
SHA1:	5005454BA8E13BAC64189C7A8416ECC1E3834DC6
SHA-256:	2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
SHA-512:	84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6496318655699795
Encrypted:	false
SSDEEP:	192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
MD5:	A038716D7BBD490378B26642C0C18E94
SHA1:	29CD67219B65339B637A1716A78221915CEB4370
SHA-256:	B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
SHA-512:	43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12736
Entropy (8bit):	6.587452239016064
Encrypted:	false
SSDEEP:	192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
MD5:	D75144FCB3897425A855A270331E38C9
SHA1:	132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
SHA-256:	08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
SHA-512:	295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14280
Entropy (8bit):	6.658205945107734
Encrypted:	false
SSDEEP:	384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
MD5:	8ACB83D102DABD9A5017A94239A2B0C6
SHA1:	9B43A40A7B498E02F96107E1524FE2F4112D36AE
SHA-256:	059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
SHA-512:	B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.621310788423453
Encrypted:	false
SSDEEP:	96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
MD5:	808F1CB8F155E871A33D85510A360E9E
SHA1:	C6251ABFF887789F1F4FC6B9D85705788379D149
SHA-256:	DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
SHA-512:	441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.7263193693903345
Encrypted:	false
SSDEEP:	192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
MD5:	CFF476BB11CC50C41D8D3BF5183D07EC
SHA1:	71E0036364FD49E3E535093E665F15E05A3BDE8F
SHA-256:	B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
SHA-512:	7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.601327134572443
Encrypted:	false
SSDEEP:	192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
MD5:	F43286B695326FC0C20704F0EEBFDEA6
SHA1:	3E0189D2A1968D7F54E721B1C8949487EF11B871
SHA-256:	AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
SHA-512:	6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14272
Entropy (8bit):	6.519411559704781
Encrypted:	false
SSDEEP:	192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
MD5:	E173F3AB46096482C4361378F6DCB261
SHA1:	7922932D87D3E32CE708F071C02FB86D33562530
SHA-256:	C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
SHA-512:	3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.659079053710614
Encrypted:	false
SSDEEP:	192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
MD5:	9C9B50B204FCB84265810EF1F3C5D70A
SHA1:	0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
SHA-256:	25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
SHA-512:	EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11200
Entropy (8bit):	6.7627840671368835
Encrypted:	false
SSDEEP:	192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
MD5:	0233F97324AAAA048F705D999244BC71
SHA1:	5427D57D0354A103D4BB8B655C31E3189192FC6A
SHA-256:	42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
SHA-512:	8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.590253878523919
Encrypted:	false
SSDEEP:	192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
MD5:	E1BA66696901CF9B456559861F92786E
SHA1:	D28266C7EDE971DC875360EB1F5EA8571693603E
SHA-256:	02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
SHA-512:	08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.672720452347989
Encrypted:	false
SSDEEP:	192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
MD5:	7A15B909B6B11A3BE6458604B2FF6F5E
SHA1:	0FEB824D22B6BEEB97BCE58225688CB84AC809C7
SHA-256:	9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
SHA-512:	D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13760
Entropy (8bit):	6.575688560984027
Encrypted:	false
SSDEEP:	192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
MD5:	6C3FCD71A6A1A39EAB3E5C2FD72172CD
SHA1:	15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
SHA-256:	A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
SHA-512:	EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.70261983917014
Encrypted:	false
SSDEEP:	192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
MD5:	D175430EFF058838CEE2E334951F6C9C
SHA1:	7F17FBDCEF12042D215828C1D6675E483A4C62B1
SHA-256:	1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
SHA-512:	6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.599515320379107
Encrypted:	false
SSDEEP:	192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
MD5:	9D43B5E3C7C529425EDF1183511C29E4
SHA1:	07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
SHA-256:	19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
SHA-512:	C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.690164913578267
Encrypted:	false
SSDEEP:	192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
MD5:	43E1AE2E432EB99AA4427BB68F8826BB
SHA1:	EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
SHA-256:	3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
SHA-512:	40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0.......d....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.615761482304143
Encrypted:	false
SSDEEP:	192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
MD5:	735636096B86B761DA49EF26A1C7F779
SHA1:	E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
SHA-256:	5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
SHA-512:	3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......Xc....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.627282858694643
Encrypted:	false
SSDEEP:	192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
MD5:	031DC390780AC08F498E82A5604EF1EB
SHA1:	CF23D59674286D3DC7A3B10CD8689490F583F15F
SHA-256:	B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
SHA-512:	1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......a.....`.........................................0................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15816
Entropy (8bit):	6.435326465651674
Encrypted:	false
SSDEEP:	192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
MD5:	285DCD72D73559678CFD3ED39F81DDAD
SHA1:	DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
SHA-256:	6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
SHA-512:	84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@.......5....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.5874576656353145
Encrypted:	false
SSDEEP:	192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
MD5:	5CCE7A5ED4C2EBAF9243B324F6618C0E
SHA1:	FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
SHA-256:	AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
SHA-512:	FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0............`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13768
Entropy (8bit):	6.645869978118917
Encrypted:	false
SSDEEP:	192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
MD5:	41FBBB054AF69F0141E8FC7480D7F122
SHA1:	3613A572B462845D6478A92A94769885DA0843AF
SHA-256:	974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
SHA-512:	97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0.......(....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avcodec-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	37333152
Entropy (8bit):	6.632921864082428
Encrypted:	false
SSDEEP:	393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
MD5:	32F56F3E644C4AC8C258022C93E62765
SHA1:	06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
SHA-256:	85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
SHA-512:	CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........(........&"...&............P........................................P.......3:...`... ......................................`...........A.....p.......t...X.9.H'.......M..............................(......................P............................text...............................`..`.rodata.0........................... ..`.data...............................@....rdata....X......X.................@..@.pdata..t...........................@..@.xdata..`...........................@..@.bss...................................edata.......`.......\|..............@..@.idata...A.......B..................@....CRT....`..........................@....tls...............................@....rsrc...p..........................@....reloc...M.......N..................@..B........................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avformat-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5100112
Entropy (8bit):	6.374242928276845
Encrypted:	false
SSDEEP:	49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
MD5:	01589E66D46ABCD9ACB739DA4B542CE4
SHA1:	6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
SHA-256:	9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
SHA-512:	0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........D..,....&"...&.R4...D.....P.........................................E.....r}N...`... .......................................D.0-....D.hX...PE.......?.......M.H'...`E..e............................>.(.....................D.`............................text....P4......R4.................`..`.data....3...p4..4...V4.............@....rdata...&....4..(....4.............@..@.pdata........?.......?.............@..@.xdata..8{....A..\|...TA.............@..@.bss..........D..........................edata..0-....D.......C.............@..@.idata..hX....D..Z....C.............@....CRT....`....0E......XD.............@....tls.........@E......ZD.............@....rsrc........PE......\D.............@....reloc...e...`E..f...`D.............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avutil-58.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1089600
Entropy (8bit):	6.535744457220272
Encrypted:	false
SSDEEP:	24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
MD5:	3AAF57892F2D66F4A4F0575C6194F0F8
SHA1:	D65C9143603940EDE756D7363AB6750F6B45AB4E
SHA-256:	9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
SHA-512:	A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........f..X.....&"...&.2...b......P......................................... ......?....`... ......................................0 .xC.... ....... .h.......@>...x..H'.... ............................. Z..(..................... .P............................text....1.......2..................`..`.data........P.......6..............@....rdata...,...`.......8..............@..@.pdata..@>.......@...f..............@..@.xdata...K.......L..................@..@.bss......... ...........................edata..xC...0 ..D..................@..@.idata........ ......6..............@....CRT....`..... ......N..............@....tls.......... ......P..............@....rsrc...h..... ......R..............@....reloc........ ......V..............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	57488
Entropy (8bit):	6.382541157520703
Encrypted:	false
SSDEEP:	768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
MD5:	71F796B486C7FAF25B9B16233A7CE0CD
SHA1:	21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
SHA-256:	B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
SHA-512:	A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l............uU.....x.....x.....x....{...........ox....ox9....ox....Rich...........................PE..d......d.........."......f...N......p).........@....................................2.....`.....................................................................P........(......d.......T...............................8............................................text....e.......f.................. ..`.rdata...6.......8...j..............@..@.data...............................@....pdata..P...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\iwhgjds.rar

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	RAR archive data, v5
Category:	dropped
Size (bytes):	414206
Entropy (8bit):	7.999579797967773
Encrypted:	true
SSDEEP:	12288:2GGrNFDDiLrieAOW/WLup5RrfXs5sZ6psdHpTRFo:2GqNFqLnQ/We5Rrf5gpsdHD6
MD5:	3369EC99E74F030639BA5BB316B7A1F0
SHA1:	D703EDEC018861DEC872146989E49C756B2043CD
SHA-256:	F452D95C5A69B1E7B00A8BC90711C62EDC8221BE80A61CF73D3A426A0DD00D40
SHA-512:	ADE0797581BEB431153A21C95B7B3F8F9BB98B4AA5D0DA5DFE63198FBED6A34CD8AC87994AE10A58CF497862F46515738E487102A08DCC85C62BC8ABE6472575
Malicious:	false
Preview:	Rar!....C.-.!..........;.;...` !.7<[...pv.?{...f..Z.R]..h.U.)..Fr../A;<.1.... L6..f.B+..\..p...@.......]_?..(..#L..0......3..^.-.5.ht...3..P.%...Zd9b.W..m..5R.{o@1-:4.....B2K..oC...6j....VF.....Y.q.tGA.A.?.k\..^.'s.[..}):...(J.jJ..6...HN..\|.....V..l..L.)..~=s/ob.Y5@B#iw=cw.P.....m.{A...3.B.[...2.....b.8a..M.m...........v.i;.M.4wuQ.\|.=.\.s7a3..TT&a.....:SO..X.Gp.R.:'........C..+.k...!.E...(....P.."cJ...,..:......z%.maq.h{.;.cC.rBB..G.i.KZ.....a...=..jx.l...O.!.GM....M....)7..%p..sY..J.Ye.#\....-pl0S4.v.t.tps<+..je.qt..h.h....A. 5R....d..T]......Y.e#.......\.z.....;.....Q....@...x.c\|.Bt...........R...wGb....>..Y...1b..Im2.W.!..d..dL....4....^....O$.PN.\zl{..pJ)..XA.0.>:.cp.sK._..>I..V.......~.....\|..E.....?....K5.!u...U{.M-a......RRG..d..>T.....I.W.........vMWbX..>.2G........l...&.2..;...v8.<.4...N.$.oD..Q"b.0..{...\|..G.Y...uF..S~.nyY.d...B.%.3.o.7......`.,...!.wp.)..O....M...!....HY......<Z... .1..}.y.\.K....c`....,M5.J....aEH*.. z%-4

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	566704
Entropy (8bit):	6.494428734965787
Encrypted:	false
SSDEEP:	12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
MD5:	6DA7F4530EDB350CF9D967D969CCECF8
SHA1:	3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
SHA-256:	9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
SHA-512:	1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y...................Z.........O.....O.....O.....O.....O.....O.6....O.....Rich...........................PE..d...%\|.a.........." .....<...\.......)...................................................`A.........................................5..h...(...,............p...9...~...'......0.......T...............................8............P...............................text....;.......<.................. ..`.rdata..j....P.......@..............@..@.data...`:...0......................@....pdata...9...p...:...6..............@..@.rsrc................p..............@..@.reloc..0............t..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35656
Entropy (8bit):	6.370522595411868
Encrypted:	false
SSDEEP:	768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
MD5:	D3CAC4D7B35BACAE314F48C374452D71
SHA1:	95D2980786BC36FEC50733B9843FDE9EAB081918
SHA-256:	4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
SHA-512:	21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........D..D..D..M.3.J......F......W......N......G......F..D..l......A..D.........E...._.E......E..RichD..................PE..d................"....#.2...4......`7.........@..........................................`..................................................b..,....................d..H'......<....Z..p...........................`Y..@............P...............................text....1.......2.................. ..`.rdata..H"...P...$...6..............@..@.data...H............Z..............@....pdata...............\..............@..@.rsrc................`..............@..@.reloc..<............b..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.879664004902594
Encrypted:	false
SSDEEP:	3:mKDDlR+7H6U:hOD6U
MD5:	D9324699E54DC12B3B207C7433E1711C
SHA1:	864EB0A68C2979DCFF624118C9C0618FF76FA76C
SHA-256:	EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
SHA-512:	E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
Malicious:	false
Preview:	@echo off..Start "" %1

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swresample-4.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	158968
Entropy (8bit):	6.4238235663554955
Encrypted:	false
SSDEEP:	1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
MD5:	7FB892E2AC9FF6981B6411FF1F932556
SHA1:	861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
SHA-256:	A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
SHA-512:	986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........O.....&"...&.h..........P.....................................................`... ...................................... .......0..T....`..........X....E..H'...p..................................(...................02...............................text....f.......h..................`..`.data................l..............@....rdata...Q.......R...n..............@..@.pdata..X...........................@..@.xdata..............................@..@.bss.....................................edata....... ......................@..@.idata..T....0......................@....CRT....X....@......................@....tls.........P......................@....rsrc........`......................@....reloc.......p......................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	707200
Entropy (8bit):	6.610520126248797
Encrypted:	false
SSDEEP:	12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
MD5:	1144E36E0F8F739DB55A7CF9D4E21E1B
SHA1:	9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
SHA-256:	65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
SHA-512:	A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........-.....&"...&............P.....................................................`... ......................................P.......`..........x....P......8...H'......................................(....................c..`............................text...(...........................`..`.data...............................@....rdata...s.......t..................@..@.pdata.......P...0...&..............@..@.xdata...9.......:...V..............@..@.bss.....................................edata.......P......................@..@.idata.......`......................@....CRT....`....p......................@....tls................................@....rsrc...x...........................@....reloc..............................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\una_front\classes.jsa

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	12124160
Entropy (8bit):	4.1175508751036585
Encrypted:	false
SSDEEP:	49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
MD5:	8A13CBE402E0BBF3DA56315F0EBA7F8E
SHA1:	EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
SHA-256:	7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
SHA-512:	46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
Malicious:	false
Preview:	.................*.\.....................................+................................Ol.....................................">.............................d..3......................A.......@...... t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\una_front\java.datatransfer.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	51389
Entropy (8bit):	7.916683616123071
Encrypted:	false
SSDEEP:	768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
MD5:	8F4C0388762CD566EAE3261FF8E55D14
SHA1:	B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
SHA-256:	AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
SHA-512:	1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classeP.N.0..../.$...pAM.D.p..!!..X...m.d'.....P7...biw..Y.?._...pM.m..X.q..2.D8o...o.0.J.s...,...".'..>..F..r..M..G.L......!.je.BG....:v.;..a@...Y...3..?.Y....\.m.).CBwn......'.N..+G+^#.j...R.A..qV.1o...p.....\|._.-N$.!.;X....\|....G......qi.W{PK...^0.........PK.........n/Q............-...classes/java/awt/datatransfer/Clipboard.class.X.w.W....c...-.Ii...#.P..........@(`.......3.....R...........<....h..W.z......=.=~....l..DN..............;y.@7..#....2.P.._.WR.b.Km..f......9w1T...A.....d..b.r.Ie.Gq,..U+.kcC.be..eTe......K3.usU.2...Pe.4T.aYz....>!..q..3.dL.Q..fh/#..P.t.;.f,.."..7..v.(..K7}.2nZ;.Mg..OuzU..c.....!wR.xz....7...tG..d.ED..3...fs.{n\...x...r.!.#X.6.Ke.v........1n.P......#..P...J....)^.dt....k...k...F5...e$.d...=~Do.t.2....KX....B.#Ha..U2n.j...+fh&....&.zk,.....>...aQ......kj...:.h.Q.uTv.B ......N......r'..x..D.4.`k 76fZ....fG..#.....7.4.:w..6....#...x..>lfh.B'.....'l..V.....5..H..

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\una_front\java.instrument.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	41127
Entropy (8bit):	7.961466748192397
Encrypted:	false
SSDEEP:	768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
MD5:	D039093C051B1D555C8F9B245B3D7FA0
SHA1:	C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
SHA-256:	4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
SHA-512:	334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classU.M..0..../..........LL...A.$.t.\x..e,U.N.N..7o.....=B+..,.@..:.`.....`....L.,.".B.M......:...._..uBGf.5.M..g..."..8K\..B.".z..\|=6.=1.KB..v,.yJ0/......[.r..OU`....Q}...kP.94oh...b..K{...].'PK........#...PK.........n/Q............2...classes/java/lang/instrument/ClassDefinition.class.SMo.@.}.8q.4M.@.h..b;... ..d.RP$.c...#g...#@.....@.G..........7o.......@.-..J.T.eT..'.......tt.=.P9.C_t.J.5... ...Y...z\|.(..TE...e.....(.......v?pg....<...I.1.:....H.U...1.)..p...P.......\|...04..Q..2...%..8~.......#..p"...n..<.Uq..=..:.c..1.2...x.o.w..#....^?q.I..:..Y...6...N..c..>2.k.U...L..&V.H...%....y...[.~GJ...B/M......%...t....+.I.E....H..}....m..j_..8C...:.n...(*..z..Z.Q...$....a.}..T.xW.$....52...T.o..mSL_~.L.FM....W.z.I.]....)..e.....A..$..xH...Td...0i..."...0X....PK..X..~........PK.........n/Q............7...classes/java/lang/instrument/ClassFileTransformer.class.S.n.@.=.8.M.n..b^-/..G..

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\una_front\java.logging.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	113725
Entropy (8bit):	7.928841651831531
Encrypted:	false
SSDEEP:	3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
MD5:	3A03EF8F05A2D0472AE865D9457DAB32
SHA1:	7204170A08115A16A50D5A06C3DE7B0ADB6113B1
SHA-256:	584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
SHA-512:	1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classuQ.N.1.=W......n\1.D.5$&....T...2%....\..~..3(......9.6...o....%..:L...x.=..p..L.......".Gm........Z9.R+...}x..$.Y,,..-..z..{.v.K..:9m[.dl....Q#t..F$:5c..h..^x".8 \N..A!....O....@.0.Z....p]......0_(.mB...=.J..<.k"4....g<......M$,....:Kz\|..^.........8q..{...}.G....p.S.W...l.M.....PK..R...).......PK.........n/Q................classes/java/util/logging/ConsoleHandler.class}S[o.A...KW..jk.....jy...K.b.R.mH\|.......2.K....h...G..,..K...s..r......7....d.u....C...y3..j..2...1..!wx..2T:.T...b.^..`.D[...0....n.cXy#C..e...=.E.....]..%L..<x.....W........z..u.s..a.e..Zq..-.E@n.!..)....F...\.E...<...[.;W..t.i%.mT".w.x..(.m,...r.....tZ..vPepFI_...D..b..0.U...S;....XP.@..C.#Cq..}aNy_..ZG...q#m<;..g2b.]"..Y.....[7."+..#"wOtb..-..."..@..(.>Y0......C.h...?.~..8A.Mp.....N....Z$ .E...."o.E.uz3;..m.P.z.....7...?.'.q>...2mN.gLv...q1..[}..@~..M.....K..sS.....PK....0w........PK.........n/Q............,...classes/ja

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\una_front\java.management.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	896846
Entropy (8bit):	7.923431656723031
Encrypted:	false
SSDEEP:	12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
MD5:	C6FBB7D49CAA027010C2A817D80CA77C
SHA1:	4191E275E1154271ABF1E54E85A4FF94F59E7223
SHA-256:	1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
SHA-512:	FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.class.S.N.A.=-.............^PQP4F..\|..]{.........S\|...(cu/..i.d.z...[....'.M\|`.M.GrI.).1.4...8...V.b.EE.Rg...zV.K......Os.W.S?.e.GY.Q`.od..d..Zf....2>.B.29.D.3L7...M&....8.;..2...}..n..n.g...S. ?..._V..Q..9mBo0L..~dD.t.c.ric..2r5qLvr..V....Sm..I}.}.a..Od$2e..M.v.m..w....L..s.C.;...#.f..Ln.......5..9.2....5......P......M.$V.\|;...'mw.Vl.2....D..1%.l.a..o...O....!.......h...9V.L.x..?..n]/.6......iVe..{.4.K..s.[....y..\|2....3,`.a.....H69.a.;09.5K.C....a_.G.`Jm...ER......9I.D.n...Wp........%..WI...tf..pg5..SN.8y..Y'.:9....U.pq.....}.]X..aE....^t..x.l...^....m.#.......a."r.l.2..Lf).y.^.h..u....PK....N.i.......PK.........n/Q............0...classes/com/sun/jmx/defaults/JmxProperties.class.UMS#U.=.aH.4.4.....J2...h..6v.L2q.......tS.)F........\.....Y..h2...*...{.......w..8Ha.....p.C.c..C;..^+S...F.0..xNt....J5.$.b.og..9l.g....Q..k......"..I....b....-..^.n..<x..4.$pY.(..,\~.F..0...Z<`X[...(p...u^.

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	639224
Entropy (8bit):	6.219852228773659
Encrypted:	false
SSDEEP:	12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
MD5:	01DACEA3CBE5F2557D0816FC64FAE363
SHA1:	566064A9CB1E33DB10681189A45B105CDD504FD4
SHA-256:	B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
SHA-512:	C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...D..D..D.....D.1J...D...@..D...G..D...A..D...E..D..E..D...E..D..E.O.D...A..D...D..D......D.....D...F..D.Rich..D.........PE..d.....-a.........." ...............................................................E..... .....................................................,.......@....p..xK..................`...T.......................(.......................(............................text............................... ..`.rdata..H=.......>..................@..@.data....H... ...@..................@....pdata..xK...p...L...J..............@..@.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	98224
Entropy (8bit):	6.452201564717313
Encrypted:	false
SSDEEP:	1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
MD5:	F34EB034AA4A9735218686590CBA2E8B
SHA1:	2BC20ACDCB201676B77A66FA7EC6B53FA2644713
SHA-256:	9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
SHA-512:	D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%\|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37256
Entropy (8bit):	6.297533243519742
Encrypted:	false
SSDEEP:	384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
MD5:	135359D350F72AD4BF716B764D39E749
SHA1:	2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
SHA-256:	34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
SHA-512:	CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D_.O.>...>...>...N...>..RK...>...F^..>...>..1>..RK...>..RK...>..RK...>..RK...>..RK2..>..RK...>..Rich.>..........................PE..d...)\|.a.........." .....:...6......`A....................................................`A.........................................l.......m..x....................n...#......<...(b..T............................b..8............P..X............................text...e9.......:.................. ..`.rdata.. "...P...$...>..............@..@.data... ............b..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..<............l..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\w32-pthreads.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	53576
Entropy (8bit):	6.371750593889357
Encrypted:	false
SSDEEP:	1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
MD5:	E1EEBD44F9F4B52229D6E54155876056
SHA1:	052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
SHA-256:	D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
SHA-512:	235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*.<.K.o.K.o.K.o.3.o.K.oK7.n.K.oK7so.K.oK7.n.K.oK7.n.K.oK7.n.K.o'9.n.K.o.K.o.K.o,6.n.K.o,6.n.K.o,6qo.K.o.K.o.K.o,6.n.K.oRich.K.o........PE..d....Q............" ...#.b...J.......f............................................../.....`............................................X...(...........................H'......8.......p...........................P...@...............@............................text...ha.......b.................. ..`.rdata..P,...........f..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	144200
Entropy (8bit):	6.592048391646652
Encrypted:	false
SSDEEP:	1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
MD5:	3A0DBC5701D20AA87BE5680111A47662
SHA1:	BC581374CA1EBE8565DB182AC75FB37413220F03
SHA-256:	D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
SHA-512:	4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...&............P....................................................`... ......................................0..\|....@..8....p..................H'......................................(....................A..p............................text...............................`..`.data...............................@....rdata...W.......X..................@..@.pdata..............................@..@.xdata..............................@..@.bss......... ...........................edata..\|....0......................@..@.idata..8....@......................@....CRT....X....P......................@....tls.........`......................@....rsrc........p......................@....reloc..............................@..B................................................................................................................................

C:\Windows\Installer\5c5709.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {5BEA70BD-B5E4-40DD-8B1F-5C981F77F6D6}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 30 15:33:06 2024, Last Saved Time/Date: Mon Dec 30 15:33:06 2024, Last Printed: Mon Dec 30 15:33:06 2024, Number of Pages: 450
Category:	dropped
Size (bytes):	60716544
Entropy (8bit):	7.214700363985255
Encrypted:	false
SSDEEP:	1572864:/rWVmrjV7eIvnOTZXcak5wE7nTZh8MoF:T9Cc7XzVC5
MD5:	3071CE4BEEEB67A761DED31E9AF3303E
SHA1:	0AE5392D7A1C2CEF1A3D30363DB0FEFB86E64417
SHA-256:	EE496F1691290FD1AE686421276BF631156B39A7F80B2C036E076F6DF86F77BC
SHA-512:	0CEC1EE67F6B3D2A4886844352312642A8756BF05CB37D613763EFAB89848C6EC77548CDACD4219F4B7D356A17EF012909AFE306EE2B7C3FA3E534F53C39AFBD
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\5c570c.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {5BEA70BD-B5E4-40DD-8B1F-5C981F77F6D6}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 30 15:33:06 2024, Last Saved Time/Date: Mon Dec 30 15:33:06 2024, Last Printed: Mon Dec 30 15:33:06 2024, Number of Pages: 450
Category:	dropped
Size (bytes):	60716544
Entropy (8bit):	7.214700363985255
Encrypted:	false
SSDEEP:	1572864:/rWVmrjV7eIvnOTZXcak5wE7nTZh8MoF:T9Cc7XzVC5
MD5:	3071CE4BEEEB67A761DED31E9AF3303E
SHA1:	0AE5392D7A1C2CEF1A3D30363DB0FEFB86E64417
SHA-256:	EE496F1691290FD1AE686421276BF631156B39A7F80B2C036E076F6DF86F77BC
SHA-512:	0CEC1EE67F6B3D2A4886844352312642A8756BF05CB37D613763EFAB89848C6EC77548CDACD4219F4B7D356A17EF012909AFE306EE2B7C3FA3E534F53C39AFBD
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\MSI60CD.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI613C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI618B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI61BB.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI61FA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1201504
Entropy (8bit):	6.4557937684843365
Encrypted:	false
SSDEEP:	24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
MD5:	E83D774F643972B8ECCDB3A34DA135C5
SHA1:	A58ECCFB12D723C3460563C5191D604DEF235D15
SHA-256:	D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
SHA-512:	CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............@G..@G..@G.yCF..@G.yEF..@G.\|CF..@G.\|DF..@G.\|EF..@G.yDF..@G.yAF..@G..AG..@G.}IF..@G.}@F..@G.}.G..@G...G..@G.}BF..@GRich..@G........PE..L...'.$g.........."!...).~..........Pq.......................................`......0.....@A........................ ...t...............................`=.......l......p........................... ...@...............L............................text...J}.......~.................. ..`.rdata...;.......<..................@..@.data...............................@....fptable............................@....rsrc...............................@..@.reloc...l.......n..................@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI623A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI626A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSI80D0.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	380520
Entropy (8bit):	6.512348002260683
Encrypted:	false
SSDEEP:	6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
MD5:	FFDAACB43C074A8CB9A608C612D7540B
SHA1:	8F054A7F77853DE365A7763D93933660E6E1A890
SHA-256:	7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
SHA-512:	A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^..?{..?{..?{..x..?{..~..?{...x..?{......?{...~..?{.....?{..z..?{..?z..>{..r..?{..{..?{....?{..?.?{..y..?{.Rich.?{.........PE..L...>.$g.........."!...)..................... .......................................'....@A........................@3..X....3.......... ...............h:.......6..@...p...............................@............ ..(............................text...J........................... ..`.rdata...$... ...&..................@..@.data....!...P......................@....fptable.............@..............@....rsrc... ............B..............@..@.reloc...6.......8...\..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI8601.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	216009
Entropy (8bit):	4.956542596463702
Encrypted:	false
SSDEEP:	1536:Hq6j9WTi1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9yklE:Hdj9V1Z0vZXJZYDFufyXbJNCcw
MD5:	743DDFBBB4E58510D367CD40F907313A
SHA1:	14858CB577403D7C999314F7F50E7AE12BFA78E7
SHA-256:	DE505F0AB4B3A2497BB4A8E5A3D3B10829353B9D7D0AC99BE851B80404313F6E
SHA-512:	0D70F5D2D5A6376FE20D29E22BDEEAC16C982F0BA180BEF19405652AF859B0CC789D282F4BF979B0514B04595D5EAAACB11B693CAF87892660EB588AB5D2C14C
Malicious:	false
Preview:	...@IXOS.@.....@.Y.Y.@.....@.....@.....@.....@.....@......&.{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}..Strave App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{5BEA70BD-B5E4-40DD-8B1F-5C981F77F6D6}.....@.....@.....@.....@.......@.....@.....@.......@......Strave App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@3....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F}G.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82};.21:\Software\Triaox Completely Solutions\Strave App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}P.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}W.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll.@

C:\Windows\Installer\MSI8612.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	787808
Entropy (8bit):	6.693392695195763
Encrypted:	false
SSDEEP:	24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
MD5:	8CF47242B5DF6A7F6D2D7AF9CC3A7921
SHA1:	B51595A8A113CF889B0D1DD4B04DF16B3E18F318
SHA-256:	CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
SHA-512:	748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m.'n..m.'h.q.m.'i..m.."i..m.."n..m.."h..m.'l..m..l..m.#d..m.#m..m.#...m.....m.#o..m.Rich.m.........PE..L.....$g.........."!...).....4............................................... ............@A........................@J.......J..........................`=......4`...~..p........................... ~..@............................................text............................... ..`.rdata..Z...........................@..@.data...D-...`.......B..............@....fptable.............^..............@....rsrc................`..............@..@.reloc..4`.......b...f..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1621805758991095
Encrypted:	false
SSDEEP:	12:JSbX72Fj7AGiLIlHVRpMh/7777777777777777777777777vDHFz6cp3Xl0i8Q:JNQI5c936F
MD5:	5C092B14C9EE6FDF8854B1C782DDB3A4
SHA1:	A37383B00B7A219907005DCC96AAC497B09DE21E
SHA-256:	AD3D14395DEB4C9EC6FFD7445FDED44334D6B9671E3BD745FC5B55C850BC50BC
SHA-512:	E57F9B7D8DE8FD2B33A1C64ACCA1FDE684969A990D1FD81D407594DBAB78A4FC8DA33B116A3AB67395EA5BD5AE0B83D1F29F0B6C99E50BE7CE62EF3486EF728D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5881742078919046
Encrypted:	false
SSDEEP:	48:B8PhhuRc06WXJ8FT5kcCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:chh1fFT8xwChIXCD
MD5:	E457BC660FF169E670632464373F2870
SHA1:	CB1761EA848AE7A0F92F15C6B66DA8053FF16D3F
SHA-256:	B5E58C0E2D4B685E268B1FC21DE874D7B8A656714A8EED892642855240B55003
SHA-512:	5A67B83966D733E9689B55AF9238CA86844EA05E2DC05683EECB420640014DEDB6F0C9B82353CEA91F8EF9B99A538383A52DEFED32F17D774CB7631E68B02ECC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	364484
Entropy (8bit):	5.365504341654535
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauw:zTtbmkExhMJCIpEr
MD5:	62234428C14B15B0FE8E5E440ECB29BC
SHA1:	2CDEB631363B3AF0AA5EDFBDB25B797E678C88B9
SHA-256:	6CC293903E13099E7AC97D13F4CED588AAAE0FFEBD7CFEB51BB3A32214C863D3
SHA-512:	86E25CD3E50319BDE242859C6B0FD9EF435BA6D5B00EC66CF79C6EA7E56F570037C13EFD91EAC7EF4AC9C8BE0622F4C29AB63ADF6F497AA2A8D670175A48F617
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF0CC9011F70FF4558.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2B536CBC3B55BA42.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2EFE556E8BB36EBE.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2710307692742995
Encrypted:	false
SSDEEP:	48:LHuZu7O+CFXJxT5EVycCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:aZfJTuV0xwChIXCD
MD5:	30C64D57FE79A2967B4F6BAE447B1974
SHA1:	6B56F84C9C4BA037BA911AD5D4D4E315CE31BE70
SHA-256:	204D9586269EB98E2AE40E8FB0AE58FE35A7AD00491A4C6D517C3E8B5F21FD91
SHA-512:	6925C963A0B40AC80D6323415A1212883E7C84F6A557266BB627D9FD1637811E8AF9EF4E22EF6E0F028928BF42532B56CF150D75F8740070D8107F8CEDDEC1D0
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2F31FA9F9A6C971C.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06898990870023025
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOz6BEQyVky6l3X:2F0i8n0itFzDHFz693X
MD5:	79F6564305DFE67DE5541C94BFB1EC17
SHA1:	78A3E4534D7B3AF985C094D308E17E7DC9CF02AD
SHA-256:	71936DD8BBBD6F298D29910F462FC401917E43EA7BE3AD0389A477FF55DB78B1
SHA-512:	24BDBDAAC4938F3EE56096B30F25E2F4C6A4375137B1CCD798806CE7B7BB62F3F5FD0914F471F95E214DECE8453738BFAA11F3D8C0E0ACACC05277C39487D10D
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF37D86128910604B9.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2710307692742995
Encrypted:	false
SSDEEP:	48:LHuZu7O+CFXJxT5EVycCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:aZfJTuV0xwChIXCD
MD5:	30C64D57FE79A2967B4F6BAE447B1974
SHA1:	6B56F84C9C4BA037BA911AD5D4D4E315CE31BE70
SHA-256:	204D9586269EB98E2AE40E8FB0AE58FE35A7AD00491A4C6D517C3E8B5F21FD91
SHA-512:	6925C963A0B40AC80D6323415A1212883E7C84F6A557266BB627D9FD1637811E8AF9EF4E22EF6E0F028928BF42532B56CF150D75F8740070D8107F8CEDDEC1D0
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4F8E9AEEB34A2CB9.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF647965594216A190.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA9F5D2CF67D04A36.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5881742078919046
Encrypted:	false
SSDEEP:	48:B8PhhuRc06WXJ8FT5kcCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:chh1fFT8xwChIXCD
MD5:	E457BC660FF169E670632464373F2870
SHA1:	CB1761EA848AE7A0F92F15C6B66DA8053FF16D3F
SHA-256:	B5E58C0E2D4B685E268B1FC21DE874D7B8A656714A8EED892642855240B55003
SHA-512:	5A67B83966D733E9689B55AF9238CA86844EA05E2DC05683EECB420640014DEDB6F0C9B82353CEA91F8EF9B99A538383A52DEFED32F17D774CB7631E68B02ECC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBFAAE296DA8ED10A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.14653917599037503
Encrypted:	false
SSDEEP:	48:2GyT28lQSq8lV8lQMoAErCyKSq8l53XKGks:2yBwChIXr
MD5:	9B5D1981A63A6D91E74C87222F001DB0
SHA1:	B202A4EBE410F33D0D02235AE7F7F4E7705C9A03
SHA-256:	565CC221F009632C2C4E76EBECA1171DB497766B0F4AB29A58C4B04681D8E8F8
SHA-512:	285AA95AFEC12A4212B4508ADED90A9ACA88F62312767B297F4AE0385882CB0E334A279C5AB077015FD00DA8C9EF35237B52232CC94B8373901B177F460A9284
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC1917EBDAB713AA0.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5881742078919046
Encrypted:	false
SSDEEP:	48:B8PhhuRc06WXJ8FT5kcCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:chh1fFT8xwChIXCD
MD5:	E457BC660FF169E670632464373F2870
SHA1:	CB1761EA848AE7A0F92F15C6B66DA8053FF16D3F
SHA-256:	B5E58C0E2D4B685E268B1FC21DE874D7B8A656714A8EED892642855240B55003
SHA-512:	5A67B83966D733E9689B55AF9238CA86844EA05E2DC05683EECB420640014DEDB6F0C9B82353CEA91F8EF9B99A538383A52DEFED32F17D774CB7631E68B02ECC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF9F019E5D6587830.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2710307692742995
Encrypted:	false
SSDEEP:	48:LHuZu7O+CFXJxT5EVycCQz8lQMoAErCyKSq8l53Xm8lQSq8lITxG:aZfJTuV0xwChIXCD
MD5:	30C64D57FE79A2967B4F6BAE447B1974
SHA1:	6B56F84C9C4BA037BA911AD5D4D4E315CE31BE70
SHA-256:	204D9586269EB98E2AE40E8FB0AE58FE35A7AD00491A4C6D517C3E8B5F21FD91
SHA-512:	6925C963A0B40AC80D6323415A1212883E7C84F6A557266BB627D9FD1637811E8AF9EF4E22EF6E0F028928BF42532B56CF150D75F8740070D8107F8CEDDEC1D0
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFFDAC8F52E4458606.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	638
Entropy (8bit):	4.751962275036146
Encrypted:	false
SSDEEP:	12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
MD5:	15CA959638E74EEC47E0830B90D0696E
SHA1:	E836936738DCB6C551B6B76054F834CFB8CC53E5
SHA-256:	57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
SHA-512:	101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
Malicious:	false
Preview:	[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {5BEA70BD-B5E4-40DD-8B1F-5C981F77F6D6}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 30 15:33:06 2024, Last Saved Time/Date: Mon Dec 30 15:33:06 2024, Last Printed: Mon Dec 30 15:33:06 2024, Number of Pages: 450
Entropy (8bit):	7.214700363985255
TrID:	Windows SDK Setup Transform Script (63028/2) 88.73% Generic OLE2 / Multistream Compound File (8008/1) 11.27%
File name:	setup.msi
File size:	60'716'544 bytes
MD5:	3071ce4beeeb67a761ded31e9af3303e
SHA1:	0ae5392d7a1c2cef1a3d30363db0fefb86e64417
SHA256:	ee496f1691290fd1ae686421276bf631156b39a7f80b2c036e076f6df86f77bc
SHA512:	0cec1ee67f6b3d2a4886844352312642a8756bf05cb37d613763efab89848c6ec77548cdacd4219f4b7d356a17ef012909afe306ee2b7c3fa3e534f53c39afbd
SSDEEP:	1572864:/rWVmrjV7eIvnOTZXcak5wE7nTZh8MoF:T9Cc7XzVC5
TLSH:	67D76C01B3FA4148F2F75EB17EBA85A5947ABD521B30C0EF1244A60E1B71BC25BB1763
File Content Preview:	........................>............................................2..................................................................x......................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-31T17:09:27.539371+0100	2829202	ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA	1	192.168.2.5	49704	188.114.97.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:09:27.009568930 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.009614944 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.009699106 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.012061119 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.012077093 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.493807077 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.494005919 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.536734104 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.536751986 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.537036896 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.537115097 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.539207935 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.539289951 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.539304018 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.994224072 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.994280100 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.994287968 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.994338989 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.994950056 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.994965076 CET	443	49704	188.114.97.3	192.168.2.5
Dec 31, 2024 17:09:27.994975090 CET	49704	443	192.168.2.5	188.114.97.3
Dec 31, 2024 17:09:27.995021105 CET	49704	443	192.168.2.5	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:09:26.994088888 CET	50596	53	192.168.2.5	1.1.1.1
Dec 31, 2024 17:09:27.004410982 CET	53	50596	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 17:09:26.994088888 CET	192.168.2.5	1.1.1.1	0x2389	Standard query (0)	kansascityseor.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 17:09:27.004410982 CET	1.1.1.1	192.168.2.5	0x2389	No error (0)	kansascityseor.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:27.004410982 CET	1.1.1.1	192.168.2.5	0x2389	No error (0)	kansascityseor.com		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

kansascityseor.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	188.114.97.3	443	6008	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:09:27 UTC	196	OUT	POST /updater.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvancedInstaller Host: kansascityseor.com Content-Length: 71 Cache-Control: no-cache
2024-12-31 16:09:27 UTC	71	OUT	Data Raw: 44 61 74 65 3d 33 31 25 32 46 31 32 25 32 46 32 30 32 34 26 54 69 6d 65 3d 31 31 25 33 41 30 39 25 33 41 32 36 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65 Data Ascii: Date=31%2F12%2F2024&Time=11%3A09%3A26&BuildVersion=8.9.9&SoroqVins=True
2024-12-31 16:09:27 UTC	833	IN	HTTP/1.1 500 Internal Server Error Date: Tue, 31 Dec 2024 16:09:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vCBthrg%2Bm0AfbRCqKTQHhHavkEzSBPhWEDafC2linTW3XRNzkR%2FIgPPZU6mca1n8BlWxlCmEfUl3baY2r6OZn1hwEJsVxLGEJZ2NdGuLwb5UaVfGDXZEvXlOyp4o8GtbfgHbUFI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab88bb7811c33f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1587&rtt_var=756&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=927&delivery_rate=1309417&cwnd=235&unsent_bytes=0&cid=230e337337d2f216&ts=513&x=0"
2024-12-31 16:09:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:09:15
Start date:	31/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Imagebase:	0x7ff7d6d60000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:09:15
Start date:	31/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff7d6d60000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:09:18
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 43F1EC6987E12326EB8EEF7562076489
Imagebase:	0xcf0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:09:27
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8679.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8676.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr8677.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8678.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Imagebase:	0x9b0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:09:27
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""
Imagebase:	0x7ff77d860000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"
Imagebase:	0x7ff7a8530000
File size:	57'488 bytes
MD5 hash:	71F796B486C7FAF25B9B16233A7CE0CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"
Imagebase:	0x7ff6ab240000
File size:	35'656 bytes
MD5 hash:	D3CAC4D7B35BACAE314F48C374452D71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:09:34
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 07401B50 Relevance: 4.0, Strings: 3, Instructions: 204COMMON

Download Yara Rule

Strings

$cq, xrefs: 07401C3E
$cq, xrefs: 07401BEB
$cq, xrefs: 07401C32

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: $cq$$cq$$cq
API String ID: 0-2085107096
Opcode ID: d6d28fd84eb2868ab03b1ec8b1a312f423643a09f8786c65c8be06e4babb3fdf
Instruction ID: 258f097dbe894034efcebf85f3a1d8ed2c51d84f17f69be9adce18a9c36798a8
Opcode Fuzzy Hash: d6d28fd84eb2868ab03b1ec8b1a312f423643a09f8786c65c8be06e4babb3fdf
Instruction Fuzzy Hash: 8761FEB170824E9FDB249F68D8406AFBBE6AF85310F14807BE4558B392DB31D941CBE1

Function 07401B37 Relevance: 2.6, Strings: 2, Instructions: 109COMMON

Download Yara Rule

Strings

$cq, xrefs: 07401BEB
$cq, xrefs: 07401C32

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: $cq$$cq
API String ID: 0-2695052418
Opcode ID: 3a08add1f8107001abd7a16c5d65e28a3a361272c3ae6262e512fa4e0f8f0724
Instruction ID: 0e7da1f317cdb1dc2f72fca735333266775eb5fdcb28d174d71348ecc83b9fa1
Opcode Fuzzy Hash: 3a08add1f8107001abd7a16c5d65e28a3a361272c3ae6262e512fa4e0f8f0724
Instruction Fuzzy Hash: CA418EF1A0824E9FDB258E64D540AEB7BF5AF41311F5880BBD4048B2D2E334C945CBE1

Function 04578460 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b1b50706fe842f5244e143343c256608fde583f43eb43b06d0da3e7b9480ef
Instruction ID: b66a6b358209fa99ee658d2ee5426c1ab0f13ad0de922d0dec7778b4acf5390e
Opcode Fuzzy Hash: f7b1b50706fe842f5244e143343c256608fde583f43eb43b06d0da3e7b9480ef
Instruction Fuzzy Hash: 8DA18131E002099FDB14EFA5E948A9DBBB2FF84350F258568E406AF355DB38BD49DB40

Function 04573BF8 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: debf6bc477ab6b87cba823b7dc9844f85b7ce30115a20421e50a42173696c3fb
Instruction ID: c1a39e71bd05af0e7415e5d6c86d82d82b08439df0c1057431646f6c00209403
Opcode Fuzzy Hash: debf6bc477ab6b87cba823b7dc9844f85b7ce30115a20421e50a42173696c3fb
Instruction Fuzzy Hash: 00A1CD70A042498FCB06CF58D8949EEBBB1FF49320B2586A6D8549B3A5C735FC45CBA0

Function 04578BB0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ab34c401055d1734ab101b503640745846ce4dec3ac9fe05cc4ba4504aa223
Instruction ID: e19efa831adb74b8ad51ecea96c30910d33b9d8782b26b8ea046457219edca39
Opcode Fuzzy Hash: d8ab34c401055d1734ab101b503640745846ce4dec3ac9fe05cc4ba4504aa223
Instruction Fuzzy Hash: 0D71B070A00209CFDB14DF68E888A9EBBF6FF85314F24857AE415DB651DB35AC45CB90

Function 04578D1E Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c447bd2176acb83af47545536af0e54530a377bd23a95cab05cddad67d62301
Instruction ID: 66a742bd2856e5c4b142f06dc231eada68dc0d926762b88afd0b74004e95d8ec
Opcode Fuzzy Hash: 3c447bd2176acb83af47545536af0e54530a377bd23a95cab05cddad67d62301
Instruction Fuzzy Hash: 57717070E00209DFDB14EFA4E498AADBBF6FF88314F258429D412AB291DF34AC45DB51

Function 04578941 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f512552956f72712f4211141dbc4dd5b80c50ddbd04eb58cf7200ec9681c33d3
Instruction ID: 907ba0c1bed04277695658e1f57345ef415a937558e047e2f9bb1ea24c04afb1
Opcode Fuzzy Hash: f512552956f72712f4211141dbc4dd5b80c50ddbd04eb58cf7200ec9681c33d3
Instruction Fuzzy Hash: 1A418E757002049FEB14EF24E459AAE7BB2FF89750F284469E506EB7A0CF34AC41DB50

Function 04578B9B Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d09594e763c2d7a00322802917906e4315be458010e6ea0619fa38dbb247343d
Instruction ID: dae08d5b1317cc0fc35427c40d3b6eb9b7e81ddc022b34fccf50341919bc1da4
Opcode Fuzzy Hash: d09594e763c2d7a00322802917906e4315be458010e6ea0619fa38dbb247343d
Instruction Fuzzy Hash: 7E418E70A002499FDB14DFA9D49869DBBF2FF85310F248479D006AB751DB746C85CB50

Function 02DCD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181425723.0000000002DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2dcd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 980654424e3b757acaf6886ca75da729c67c6b20a4ecbb0b371e5eeac3bc43ce
Instruction ID: 4396bd1aabf41bb1dd284f09ce6f6d28512bff6c4c3a661ae112b980abf647cf
Opcode Fuzzy Hash: 980654424e3b757acaf6886ca75da729c67c6b20a4ecbb0b371e5eeac3bc43ce
Instruction Fuzzy Hash: 3701DF714083029AE7208A29DC84B67BFA8DF41334F38C52EEC480B242C3789C46DAB1

Function 02DCD005 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181425723.0000000002DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2dcd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf207ea873d6b87d75f915d7347ce33dfb1f25433776bff84cd447549315e8e7
Instruction ID: 0e8e4cd5a9400096d9e2391753ba98970157ed756dc5099c7dece812d30ce251
Opcode Fuzzy Hash: cf207ea873d6b87d75f915d7347ce33dfb1f25433776bff84cd447549315e8e7
Instruction Fuzzy Hash: C3014C6140E3C05ED7128B258C94B62BFB4DF43224F2DC1DBD8888F2A3C2695849DB72

Function 045788D5 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2181691838.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4570000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed9786a787f93692af9f7255250210e6c20970f5c0bcdd8bec19752fd208651
Instruction ID: 5325879a604927eaada53aca21fa9fa9913a8104aa17ca6efac6fdc8a66bbb5f
Opcode Fuzzy Hash: bed9786a787f93692af9f7255250210e6c20970f5c0bcdd8bec19752fd208651
Instruction Fuzzy Hash: 47F01270B402069FDB14DBA4D565B5E77B2EF40340F208914E5019F295DB786D449B90

Non-executed Functions

Function 07401658 Relevance: 15.3, Strings: 12, Instructions: 265COMMON

Download Yara Rule

Strings

84Wk, xrefs: 074017E0
Ok, xrefs: 0740174D
$cq, xrefs: 0740169C
$cq, xrefs: 0740166A
Ok, xrefs: 0740173F
tPcq, xrefs: 07401843
$cq, xrefs: 07401690
$cq, xrefs: 074017B4
tPcq, xrefs: 07401837
tPcq, xrefs: 074016D5
tPcq, xrefs: 074016E1
84Wk, xrefs: 074017EA

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: 84Wk$84Wk$tPcq$tPcq$tPcq$tPcq$$cq$$cq$$cq$$cq$Ok$Ok
API String ID: 0-2469481553
Opcode ID: 28b1dcf6ac7988744574120e050f49541c678b3806d18a4d2eb1cdab2f2492fa
Instruction ID: a1835f748d717ef45fde271b58b128edcc51515d2a3c88ca08b6fcd27bff63c6
Opcode Fuzzy Hash: 28b1dcf6ac7988744574120e050f49541c678b3806d18a4d2eb1cdab2f2492fa
Instruction Fuzzy Hash: 588139B570424A9FD7259B6898006AFBBE6EF85320F1880BBD544CB3D2CA31CC41C7E2

Function 07400898 Relevance: 10.2, Strings: 8, Instructions: 183COMMON

Download Yara Rule

Strings

$cq, xrefs: 07400A62
$cq, xrefs: 0740091D
$cq, xrefs: 07400A56
4'cq, xrefs: 07400947
$cq, xrefs: 07400A3E
4'cq, xrefs: 07400953
$cq, xrefs: 07400929
$cq, xrefs: 074008EF

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: 4'cq$4'cq$$cq$$cq$$cq$$cq$$cq$$cq
API String ID: 0-1968672451
Opcode ID: 7f4d4a6493ea0ddea06037746ff86943b82be9a7e428f1e21b43e00486c3d971
Instruction ID: 4cd5c8455926e3ec07385d3ae2a2461659d44dc61fea9c95850c663646021c67
Opcode Fuzzy Hash: 7f4d4a6493ea0ddea06037746ff86943b82be9a7e428f1e21b43e00486c3d971
Instruction Fuzzy Hash: BF5105B57142068FDB258A6998007EBBBA2EBD6220F24807BD545873E1DA35C952CBE1

Function 07400E88 Relevance: 6.3, Strings: 5, Instructions: 79COMMON

Download Yara Rule

Strings

$cq, xrefs: 07400F00
$cq, xrefs: 07400F0C
$cq, xrefs: 07400ECB
4Vk, xrefs: 07400F3E
4Vk, xrefs: 07400F30

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: 4Vk$4Vk$$cq$$cq$$cq
API String ID: 0-1381115774
Opcode ID: da72119164cbfc7cb5e8b1117e5b04483126ab68e586a19aa61e1ad6ffd5c2dd
Instruction ID: 68d32321bb309072c9536aedba4447597ac00f76e94d28f1cb1f50217aecc3b6
Opcode Fuzzy Hash: da72119164cbfc7cb5e8b1117e5b04483126ab68e586a19aa61e1ad6ffd5c2dd
Instruction Fuzzy Hash: 2011D5F13242069FDB249669A8107FB66D68BC1661B14843BD505D63E2DF76C842D3F1

Function 074004D3 Relevance: 5.0, Strings: 4, Instructions: 45COMMON

Download Yara Rule

Strings

$cq, xrefs: 07400526
4'cq, xrefs: 0740053B
$cq, xrefs: 0740051A
4'cq, xrefs: 07400547

Memory Dump Source

Source File: 00000004.00000002.2186345563.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7400000_powershell.jbxd

Similarity

API ID:
String ID: 4'cq$4'cq$$cq$$cq
API String ID: 0-1126079151
Opcode ID: cb4e8d483a99e66eb0ebb70613e3304c0ed8fc942d464e4b7ff9ac221740224e
Instruction ID: db1d2a255c3d39d35e578d61dd2bac1ad0b95a2d7e18508e427ea0406471e2b2
Opcode Fuzzy Hash: cb4e8d483a99e66eb0ebb70613e3304c0ed8fc942d464e4b7ff9ac221740224e
Instruction Fuzzy Hash: EA0184A170D3864FD717622828202A66FB35FC315076A00DBC081CB2E3CD258D4687E3

Analysis Process: createdump.exePID: 6660, Parent PID: 1476COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.7%
Total number of Nodes:	701
Total number of Limit Nodes:	1

Executed Functions

Function 00007FF7A8531060 Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 214
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7A853112F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7A853115B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7A8531187
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7A8531230
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7A853123C
GetTempPathA.KERNEL32 ref: 00007FF7A85312C1
GetLastError.KERNEL32 ref: 00007FF7A85312CB
GetLastError.KERNEL32 ref: 00007FF7A85312DF
strcat_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7A85312F8
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531350
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531359
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531364
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A853136D

Strings

triage minidump, xrefs: 00007FF7A8531247
--normal, xrefs: 00007FF7A8531125
--verbose, xrefs: 00007FF7A8531226
-, xrefs: 00007FF7A85310DC
GetTempPath failed (0x%08x), xrefs: 00007FF7A85312D3
-, xrefs: 00007FF7A85311D7
--diag, xrefs: 00007FF7A85311EF
--withheap, xrefs: 00007FF7A8531151
dump.%p.dmp, xrefs: 00007FF7A85312E9
-, xrefs: 00007FF7A8531168
createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn, xrefs: 00007FF7A8531386
minidump with heap, xrefs: 00007FF7A853107C, 00007FF7A85310BF
strcat_s failed (%d), xrefs: 00007FF7A8531306
Dump successfully written, xrefs: 00007FF7A8531338
--name, xrefs: 00007FF7A85310B8
-, xrefs: 00007FF7A8531110
--triage, xrefs: 00007FF7A853117D
minidump, xrefs: 00007FF7A8531267
-, xrefs: 00007FF7A8531215
full dump, xrefs: 00007FF7A85311C3
v, xrefs: 00007FF7A853121A
-, xrefs: 00007FF7A8531194
-, xrefs: 00007FF7A853113C
--full, xrefs: 00007FF7A85311A8

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
API String ID: 2647627392-2367407095
Opcode ID: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction ID: c1931ca9edb910b9e66d773f6855d80b7e389f5451cf9de23b4d3f0bcbce3c91
Opcode Fuzzy Hash: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction Fuzzy Hash: 7DA1A061D4E78241FF69AB31E4202B9E7A0EF46794F8A4131ED8E526B5DE3CE445C328

Function 00007FF7A85327EC Relevance: 13.6, APIs: 9, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF7A8532800

Part of subcall function 00007FF7A8532B8C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7A8532BAE

__scrt_release_startup_lock.LIBCMT ref: 00007FF7A8532883
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85328D1
_get_initial_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85328D6
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85328DE
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85328E6
__scrt_is_managed_app.LIBCMT ref: 00007FF7A85328FA
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8532908
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8532962

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 2308368977-0
Opcode ID: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction ID: e8a884988a79dd448b1a9dd0b742792e67f2052ab2105511c7ff2ff53381fb29
Opcode Fuzzy Hash: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction Fuzzy Hash: CE312921A0EA0641FB1CBB24E4313B9E291EF45785FC65038EE6D472B3CE2CA8458278

Function 00007FF7A8531450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531475
fprintf.MSPDB140-MSVCRT ref: 00007FF7A8531485

Part of subcall function 00007FF7A8531010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531494
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314B3
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314BE
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314C7

Strings

[createdump] , xrefs: 00007FF7A853147E

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction ID: c7a843598a567dc4f8683c1e8b33124cb6d99f96eeba3a5b7ef04df21fdc1f51
Opcode Fuzzy Hash: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction Fuzzy Hash: 7A014B29A09B8182EB0CAB51F82526AE364FB84BD2F804539EE8D13775DF7CD465C714

Non-executed Functions

Function 00007FF7A8532ECC Relevance: 10.6, APIs: 7, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7A8532EE8
RtlCaptureContext.KERNEL32 ref: 00007FF7A8532F15
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7A8532F2F
RtlVirtualUnwind.KERNEL32 ref: 00007FF7A8532F70
IsDebuggerPresent.KERNEL32 ref: 00007FF7A8532FC4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7A8532FE5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7A8532FF0

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction ID: 36dd684e8ff915de28faf377d8f0e886435e476f46caeba0d7a963fa756c5542
Opcode Fuzzy Hash: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction Fuzzy Hash: 82317276609B8186EB689F60E8503EDB361FB44744F814039DA4E47BA4EF38D548C724

Function 00007FF7A8533074 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction ID: 4abc2bb0b33b336b71b25d711e397c88164876536b80d8aac7ba78c85291fc4a
Opcode Fuzzy Hash: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction Fuzzy Hash: 0FA0022990EC02D0E74CAB50F9B4171E330FB50300BC21431D80D810B0EF3CA458C328

Function 00007FF7A85323C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A853242D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A853243B

Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531475
Part of subcall function 00007FF7A8531450: fprintf.MSPDB140-MSVCRT ref: 00007FF7A8531485
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531494
Part of subcall function 00007FF7A8531450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314B3
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314BE
Part of subcall function 00007FF7A8531450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314C7

K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A8532466
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A8532470
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A8532487
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7A85325F3

Strings

Invalid dump path '%s' error %d, xrefs: 00007FF7A853252C
Get process name FAILED %d, xrefs: 00007FF7A8532478
Writing %s to file %s, xrefs: 00007FF7A85324C3
Write dump FAILED 0x%08x, xrefs: 00007FF7A853258E
Invalid process id '%d' error %d, xrefs: 00007FF7A8532447

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
API String ID: 3971781330-1292085346
Opcode ID: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction ID: 335ddd9bab87a02b11e0737245d520bb651b816a052397c21790d9003dc005e4
Opcode Fuzzy Hash: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction Fuzzy Hash: D561C335A0EA4182EB1CAB11E46067EF761FB85791F910130EEAE47AB5CF3CE445C728

Function 00007FF7A85349A4 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 316
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7A8534B42
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7A8534E65
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8534E7B
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8534E93
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8534E99

Strings

csm, xrefs: 00007FF7A8534AEB
csm, xrefs: 00007FF7A8534B69
csm, xrefs: 00007FF7A8534A89

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 695522112-393685449
Opcode ID: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction ID: 6d66033a7c4a306d2e09d92e6eba12ef48ef3fa7939878abaaa0c1d56ffa222a
Opcode Fuzzy Hash: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction Fuzzy Hash: 20E1E2329097828AEB18EF24D4A03ADFBA0FB54748F924135DE8D477A5DF38E081C714

Function 00007FF7A85313C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85313E5
fprintf.MSPDB140-MSVCRT ref: 00007FF7A85313F5

Part of subcall function 00007FF7A8531010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531404
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531423
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A853142E
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531437

Strings

[createdump] , xrefs: 00007FF7A85313EE

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction ID: b7e6d6b2f3991056bdc8e36b2023857095bb53a523c47fd8dbc79c1ba698f993
Opcode Fuzzy Hash: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction Fuzzy Hash: 7A014B39A09B8182EB0CAB51F8242AAE360FB84BD2F804135EE8D13775DF7CD4A5C754

Function 00007FF7A8531800 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 00007FF7A853186C

Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531475
Part of subcall function 00007FF7A8531450: fprintf.MSPDB140-MSVCRT ref: 00007FF7A8531485
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531494
Part of subcall function 00007FF7A8531450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314B3
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314BE
Part of subcall function 00007FF7A8531450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314C7

Strings

Invalid dump name format char '%c', xrefs: 00007FF7A8531DD0
--name, xrefs: 00007FF7A853180A
%%%%%%%%, xrefs: 00007FF7A8531D5C
%%%%%%%%, xrefs: 00007FF7A8531890
Pipe syntax in dump name not supported, xrefs: 00007FF7A8531850

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
API String ID: 3378602911-3973674938
Opcode ID: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction ID: 818e406b53e3d8edb310c3210fd13b6221fc3284b80af75dc1dadb8b8d6474b8
Opcode Fuzzy Hash: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction Fuzzy Hash: EE31E462E09A8186E75DAF25D8647F9E751FB46384FC60072EE8D032A1CF3CD145C328

Function 00007FF7A8536498 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF7A853669F,?,?,?,00007FF7A853441E,?,?,?,00007FF7A85343D9), ref: 00007FF7A853651D
GetLastError.KERNEL32(?,00000000,00007FF7A853669F,?,?,?,00007FF7A853441E,?,?,?,00007FF7A85343D9,?,?,?,?,00007FF7A8533524), ref: 00007FF7A853652B
LoadLibraryExW.KERNEL32(?,00000000,00007FF7A853669F,?,?,?,00007FF7A853441E,?,?,?,00007FF7A85343D9,?,?,?,?,00007FF7A8533524), ref: 00007FF7A8536555
FreeLibrary.KERNEL32(?,00000000,00007FF7A853669F,?,?,?,00007FF7A853441E,?,?,?,00007FF7A85343D9,?,?,?,?,00007FF7A8533524), ref: 00007FF7A853659B
GetProcAddress.KERNEL32(?,00000000,00007FF7A853669F,?,?,?,00007FF7A853441E,?,?,?,00007FF7A85343D9,?,?,?,?,00007FF7A8533524), ref: 00007FF7A85365A7

Strings

api-ms-, xrefs: 00007FF7A853653D

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction ID: 48780c53d9c30f760f83c410459167f423993244988e206bec0d5b6e6cfa3af6
Opcode Fuzzy Hash: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction Fuzzy Hash: 2D317071A1B64292EF1EBB12D820575E2D4FF48BA1FDA4638DD1D463A4EF3CE4448328

Function 00007FF7A8531B18 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7A8531B1D

Strings

Could not get the host name for dump name: %d, xrefs: 00007FF7A8531DB2
%%%%%%%%, xrefs: 00007FF7A8531D5C

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: _time64
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 1670930206-4114407318
Opcode ID: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction ID: 63376e4ca644f160b8cbcf143688a8822c9aae1eb6efc0fc4804584394514154
Opcode Fuzzy Hash: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction Fuzzy Hash: 1B51E362E19B8186EB089B38D4603A9EBA4EB417D0F810135EE9D13BB9DF3CD041D354

Function 00007FF7A8534EA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EncodePointer.KERNEL32 ref: 00007FF7A8534F10
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A8535189

Strings

MOC, xrefs: 00007FF7A8534F24
RCC, xrefs: 00007FF7A8534F2C

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: EncodePointerabort
String ID: MOC$RCC
API String ID: 1188231555-2084237596
Opcode ID: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction ID: 09d11af458880b5cde22bdd81e616f90dbf4872e04af110eb270512b59729865
Opcode Fuzzy Hash: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction Fuzzy Hash: 9D91D073A09B828AE714EB65E8942ADFBB0FB44788F554129EE8D07764DF3CD195C700

Function 00007FF7A8535414 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7A853543E
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85356A2

Strings

csm, xrefs: 00007FF7A8535463
csm, xrefs: 00007FF7A85355D2

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __except_validate_context_recordabort
String ID: csm$csm
API String ID: 746414643-3733052814
Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction ID: 70b43a25d6de3b2ad34b76bbb61d7f277c8949ab23765fdc0a52fc20227353cd
Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction Fuzzy Hash: 3271067250A6828AD729AF21D06437DFBA0FB00B89F869131DE8D07BA5CF3CD560C714

Function 00007FF7A853195F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Could not get the host name for dump name: %d, xrefs: 00007FF7A8531DB2
%%%%%%%%, xrefs: 00007FF7A8531D5C

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID:
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 0-4114407318
Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction ID: 8defd601241182c2a96fa6a05af23d6549e9ac44b452fd13d61887712cb9d915
Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction Fuzzy Hash: 1651E222E19B8586E708DB39E4A07AAE7A1EB817D0F810135EE9D13BB9CF3DD041D754

Function 00007FF7A8535860 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7A853590A
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF7A8535936

Strings

csm, xrefs: 00007FF7A8535A36

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction ID: 401056d0ec65fab7887ae80a654617528cd0e1bc372e07f3cc1063b6868c6d59
Opcode Fuzzy Hash: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction Fuzzy Hash: 62517B3261A74286E724AB16E0502AEF7B4FB99B90F451134EF8D07B65CF78E0A0CB54

Function 00007FF7A85317E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59networkCOMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF7A85317EB
WSAStartup.WS2_32 ref: 00007FF7A853186C

Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531475
Part of subcall function 00007FF7A8531450: fprintf.MSPDB140-MSVCRT ref: 00007FF7A8531485
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A8531494
Part of subcall function 00007FF7A8531450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314B3
Part of subcall function 00007FF7A8531450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314BE
Part of subcall function 00007FF7A8531450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7A85314C7

Strings

--name, xrefs: 00007FF7A853180A
Pipe syntax in dump name not supported, xrefs: 00007FF7A8531850
string too long, xrefs: 00007FF7A85317E4

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
String ID: --name$Pipe syntax in dump name not supported$string too long
API String ID: 1412700758-3183687674
Opcode ID: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction ID: 583bf1d17df8e2daa64098037d0a0f3a87fbb6c23958ba1b1322ace0a9b360b9
Opcode Fuzzy Hash: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction Fuzzy Hash: DA01B122A199C195F769AF22ECA17EAE350FB89798F810036EE4C06661CE3CD486C714

Function 00007FF7A8531CE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54networkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32 ref: 00007FF7A8531CFA
WSAGetLastError.WS2_32 ref: 00007FF7A8531DA9

Strings

Could not get the host name for dump name: %d, xrefs: 00007FF7A8531DB2
%%%%%%%%, xrefs: 00007FF7A8531D5C

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: ErrorLastgethostname
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 3782448640-4114407318
Opcode ID: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction ID: 0312ca553da64cc9f6c3830511cbab23d444da6c98c2671162cce7bc8d28a1fd
Opcode Fuzzy Hash: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction Fuzzy Hash: 3B119411E0AA4245E74DBB21E8707BAE250DF867A5FC21535EDAF172F6DE3CD0428368

Function 00007FF7A8534158 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7A85341B8

Strings

RCC, xrefs: 00007FF7A8534168
MOC, xrefs: 00007FF7A8534170
csm, xrefs: 00007FF7A8534178

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: terminate
String ID: MOC$RCC$csm
API String ID: 1821763600-2671469338
Opcode ID: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction ID: 0f960983c8d09ac18c04b9c5942fdd4683bcf80e4c668a3364166fce93b30d10
Opcode Fuzzy Hash: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction Fuzzy Hash: 6EF0AF36909646C1E76D7B51E1510ACF374FF68B84F8A5031DF08072A2CF7CE4A0C6AA

Function 00007FF7A85320C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF7A85318EE), ref: 00007FF7A85321E0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A853221E

Strings

Invalid process id '%d' error %d, xrefs: 00007FF7A8532447

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: Invalid process id '%d' error %d
API String ID: 73155330-4244389950
Opcode ID: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction ID: 8c5c29a21b48e9568f689fd95ef59270167c103c4542895dd51997231c78f354
Opcode Fuzzy Hash: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction Fuzzy Hash: 5031052270AB8185EF19AF15D6142A9E3A1EB04BD1F990631DF6D07BE5DE7CE0508328

Function 00007FF7A8533F84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7A853173F), ref: 00007FF7A8533FC8
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7A853173F), ref: 00007FF7A853400E

Strings

csm, xrefs: 00007FF7A8533FFB

Memory Dump Source

Source File: 00000008.00000002.2237550277.00007FF7A8531000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A8530000, based on PE: true

Associated: 00000008.00000002.2237527134.00007FF7A8530000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237572777.00007FF7A8538000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237616407.00007FF7A853C000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2237637092.00007FF7A853D000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a8530000_createdump.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction ID: 6f057b40dc4798c2b4d9ddd3063afa68af2e0ba42e2372dee113e81fbf8aa80c
Opcode Fuzzy Hash: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction Fuzzy Hash: 55115136619B4182EB189F15F450269F7A0FB88B84F995230EF8D07B68DF3DD555C704

Analysis Process: obs-ffmpeg-mux.exePID: 6728, Parent PID: 6556COMMON

Non-executed Functions

Function 00007FF8A7B1B840 Relevance: 372.3, APIs: 121, Strings: 91, Instructions: 1269libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF8A7B1B86D
free.MSVCRT ref: 00007FF8A7B1B876
calloc.MSVCRT ref: 00007FF8A7B1B885
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1B8C8
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1B90A
GetModuleHandleW.KERNEL32 ref: 00007FF8A7B1B913
GetProcAddress.KERNEL32 ref: 00007FF8A7B1B92A
LoadLibraryExW.KERNEL32 ref: 00007FF8A7B1B940
_aligned_free.MSVCRT ref: 00007FF8A7B1B94C
GetProcAddress.KERNEL32 ref: 00007FF8A7B1B98A
GetProcAddress.KERNEL32 ref: 00007FF8A7B1B9C1
GetProcAddress.KERNEL32 ref: 00007FF8A7B1B9F9
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BA31
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BA69
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BAA1
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BAD9
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BB11
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BB49
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BB81
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BBB9
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BBF1
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BC29
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BC61
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BC99
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BCD1
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BD0C
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BD47
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BD82
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BDBD
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BDF8
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BE33
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BE6E
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BEA9
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BEE4
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BF1F
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BF5A
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BF95
GetProcAddress.KERNEL32 ref: 00007FF8A7B1BFD0
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C00B
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C046
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C081
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C0BC
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C0F7
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C132
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C16D
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C1A8
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C1E3
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C21E
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C259
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C294
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C2CF
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C30A
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C345
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C380
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C3BB
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C3F6
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C431
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C46C
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C4A7
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C4E2
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C51D
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C558
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C593
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C5CE
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C609
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C644
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C67F
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C6BA
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C6F5
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C730
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C76B
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C7A6
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C7DE
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C819
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C854
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C88F
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C8CA
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C905
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C940
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C97B
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C9B6
GetProcAddress.KERNEL32 ref: 00007FF8A7B1C9F1
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CA2C
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CA67
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CAA2
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CADD
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CB18
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CB53
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CB8E
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CBC9
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CC04
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CC3F
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CC7A
_errno.MSVCRT ref: 00007FF8A7B1CCBA
GetModuleHandleW.KERNEL32 ref: 00007FF8A7B1CCD7
GetProcAddress.KERNEL32 ref: 00007FF8A7B1CCEE
LoadLibraryExA.KERNEL32 ref: 00007FF8A7B1CD08
FreeLibrary.KERNEL32 ref: 00007FF8A7B1CD4B
free.MSVCRT ref: 00007FF8A7B1CD54
_aligned_free.MSVCRT ref: 00007FF8A7B1D0AA
_aligned_free.MSVCRT ref: 00007FF8A7B1D0B1

Strings

cuCtxGetDevice, xrefs: 00007FF8A7B1BFC9, 00007FF8A7B1BFD2
cuStreamAddCallback, xrefs: 00007FF8A7B1C217, 00007FF8A7B1C220
cuLinkCreate, xrefs: 00007FF8A7B1C3B4, 00007FF8A7B1C3BD
cuCtxPushCurrent_v2, xrefs: 00007FF8A7B1BB42, 00007FF8A7B1BB4B
cuTexObjectDestroy, xrefs: 00007FF8A7B1C5C7, 00007FF8A7B1C5D0
cuEventSynchronize, xrefs: 00007FF8A7B1C2C8, 00007FF8A7B1C2D1
cuDeviceGetAttribute, xrefs: 00007FF8A7B1BA2A, 00007FF8A7B1BA33
cuEGLStreamProducerConnect, xrefs: 00007FF8A7B1CAD6, 00007FF8A7B1CADF
cuModuleGetFunction, xrefs: 00007FF8A7B1C516, 00007FF8A7B1C51F
cuDeviceGetUuid, xrefs: 00007FF8A7B1C79F, 00007FF8A7B1C7A8
cuExternalMemoryGetMappedBuffer, xrefs: 00007FF8A7B1C84D, 00007FF8A7B1C856
cuGraphicsMapResources, xrefs: 00007FF8A7B1C6B3, 00007FF8A7B1C6BC
cuLinkAddData, xrefs: 00007FF8A7B1C3EF, 00007FF8A7B1C3F8
cuStreamSynchronize, xrefs: 00007FF8A7B1C1A1, 00007FF8A7B1C1AA
cuMemcpyDtoDAsync_v2, xrefs: 00007FF8A7B1BF18, 00007FF8A7B1BF21
cuLinkDestroy, xrefs: 00007FF8A7B1C465, 00007FF8A7B1C46E
cuDevicePrimaryCtxReset, xrefs: 00007FF8A7B1C0F0, 00007FF8A7B1C0F9
cuCtxSetLimit, xrefs: 00007FF8A7B1BB0A, 00007FF8A7B1BB13
SetDefaultDllDirectories, xrefs: 00007FF8A7B1B920, 00007FF8A7B1CCE4
cuDestroyExternalSemaphore, xrefs: 00007FF8A7B1C974, 00007FF8A7B1C97D
cuMemcpy2D_v2, xrefs: 00007FF8A7B1BD7B, 00007FF8A7B1BD84
cuEGLStreamConsumerDisconnect, xrefs: 00007FF8A7B1CB4C, 00007FF8A7B1CB55
cuModuleUnload, xrefs: 00007FF8A7B1C4DB, 00007FF8A7B1C4E4
cuCtxPopCurrent_v2, xrefs: 00007FF8A7B1BB7A, 00007FF8A7B1BB83
Loaded lib: %s, xrefs: 00007FF8A7B1B968
cuLaunchKernel, xrefs: 00007FF8A7B1C379, 00007FF8A7B1C382
cuStreamCreate, xrefs: 00007FF8A7B1C12B, 00007FF8A7B1C134
cuCtxCreate_v2, xrefs: 00007FF8A7B1BAD2, 00007FF8A7B1BADB
cuSignalExternalSemaphoresAsync, xrefs: 00007FF8A7B1C9AF, 00007FF8A7B1C9B8
cuStreamQuery, xrefs: 00007FF8A7B1C166, 00007FF8A7B1C16F
cuMemsetD8Async, xrefs: 00007FF8A7B1BC92, 00007FF8A7B1BC9B
cuGraphicsResourceGetMappedPointer_v2, xrefs: 00007FF8A7B1C764, 00007FF8A7B1C76D
cuGLGetDevices_v2, xrefs: 00007FF8A7B1C602, 00007FF8A7B1C60B
cuGraphicsUnmapResources, xrefs: 00007FF8A7B1C6EE, 00007FF8A7B1C6F7
cuEventDestroy_v2, xrefs: 00007FF8A7B1C28D, 00007FF8A7B1C296
cuGetErrorString, xrefs: 00007FF8A7B1BF8E, 00007FF8A7B1BF97
Loaded sym: %s, xrefs: 00007FF8A7B1B99F, 00007FF8A7B1B9D7, 00007FF8A7B1BA0F, 00007FF8A7B1BA47, 00007FF8A7B1BA7F, 00007FF8A7B1BAB7, 00007FF8A7B1BAEF, 00007FF8A7B1BB27, 00007FF8A7B1BB5F, 00007FF8A7B1BB97, 00007FF8A7B1BBCF, 00007FF8A7B1BC07, 00007FF8A7B1BC3F, 00007FF8A7B1BC77, 00007FF8A7B1BCAF, 00007FF8A7B1BCEA, 00007FF8A7B1BD25, 00007FF8A7B1BD60, 00007FF8A7B1BD9B, 00007FF8A7B1BDD6, 00007FF8A7B1BE11, 00007FF8A7B1BE4C, 00007FF8A7B1BE87, 00007FF8A7B1BEC2, 00007FF8A7B1BEFD, 00007FF8A7B1BF38, 00007FF8A7B1BF73, 00007FF8A7B1BFAE, 00007FF8A7B1BFE9, 00007FF8A7B1C024, 00007FF8A7B1C05F, 00007FF8A7B1C09A, 00007FF8A7B1C0D5, 00007FF8A7B1C110, 00007FF8A7B1C14B, 00007FF8A7B1C186, 00007FF8A7B1C1C1, 00007FF8A7B1C1FC, 00007FF8A7B1C237, 00007FF8A7B1C272, 00007FF8A7B1C2AD, 00007FF8A7B1C2E8, 00007FF8A7B1C323, 00007FF8A7B1C35E, 00007FF8A7B1C399, 00007FF8A7B1C3D4, 00007FF8A7B1C40F, 00007FF8A7B1C44A, 00007FF8A7B1C485, 00007FF8A7B1C4C0, 00007FF8A7B1C4FB, 00007FF8A7B1C536, 00007FF8A7B1C571, 00007FF8A7B1C5AC, 00007FF8A7B1C5E7, 00007FF8A7B1C622, 00007FF8A7B1C65D, 00007FF8A7B1C698, 00007FF8A7B1C6D3, 00007FF8A7B1C70E, 00007FF8A7B1C749, 00007FF8A7B1C784, 00007FF8A7B1C7BC, 00007FF8A7B1C7F7, 00007FF8A7B1C832, 00007FF8A7B1C86D, 00007FF8A7B1C8A8, 00007FF8A7B1C8E3, 00007FF8A7B1C91E, 00007FF8A7B1C959, 00007FF8A7B1C994, 00007FF8A7B1C9CF, 00007FF8A7B1CA0A, 00007FF8A7B1CA45, 00007FF8A7B1CA80, 00007FF8A7B1CABB, 00007FF8A7B1CAF6, 00007FF8A7B1CB31, 00007FF8A7B1CB6C, 00007FF8A7B1CBA7, 00007FF8A7B1CBE2, 00007FF8A7B1CC1D, 00007FF8A7B1CC58, 00007FF8A7B1CC93
cuMemcpy2DAsync_v2, xrefs: 00007FF8A7B1BDB6, 00007FF8A7B1BDBF
cuTexObjectCreate, xrefs: 00007FF8A7B1C58C, 00007FF8A7B1C595
nvcuda.dll, xrefs: 00007FF8A7B1B8C1, 00007FF8A7B1B8F9, 00007FF8A7B1B961, 00007FF8A7B1CD01, 00007FF8A7B1D0C1
cuDevicePrimaryCtxRelease, xrefs: 00007FF8A7B1C03F, 00007FF8A7B1C048
cuCtxDestroy_v2, xrefs: 00007FF8A7B1BBB2, 00007FF8A7B1BBBB
cuEGLStreamProducerReturnFrame, xrefs: 00007FF8A7B1CBC2, 00007FF8A7B1CBCB
cuWaitExternalSemaphoresAsync, xrefs: 00007FF8A7B1C9EA, 00007FF8A7B1C9F3
cuModuleLoadData, xrefs: 00007FF8A7B1C4A0, 00007FF8A7B1C4A9
cuMemcpyHtoD_v2, xrefs: 00007FF8A7B1BDF1, 00007FF8A7B1BDFA
cuGraphicsGLRegisterImage, xrefs: 00007FF8A7B1C63D, 00007FF8A7B1C646
cuMemcpyDtoH_v2, xrefs: 00007FF8A7B1BE67, 00007FF8A7B1BE70
cuModuleGetGlobal, xrefs: 00007FF8A7B1C551, 00007FF8A7B1C55A
cuDeviceGetName, xrefs: 00007FF8A7B1BA62, 00007FF8A7B1BA6B
cuGraphicsSubResourceGetMappedArray, xrefs: 00007FF8A7B1C729, 00007FF8A7B1C732
cuArray3DCreate_v2, xrefs: 00007FF8A7B1CA60, 00007FF8A7B1CA69
cuLinkComplete, xrefs: 00007FF8A7B1C42A, 00007FF8A7B1C433
cuD3D11GetDevice, xrefs: 00007FF8A7B1CBFD, 00007FF8A7B1CC06
cuDevicePrimaryCtxGetState, xrefs: 00007FF8A7B1C0B5, 00007FF8A7B1C0BE
cuEventCreate, xrefs: 00007FF8A7B1C252, 00007FF8A7B1C25B
cuMemAlloc_v2, xrefs: 00007FF8A7B1BBEA, 00007FF8A7B1BBF3
cuImportExternalSemaphore, xrefs: 00007FF8A7B1C939, 00007FF8A7B1C942
cuDevicePrimaryCtxRetain, xrefs: 00007FF8A7B1C004, 00007FF8A7B1C00D
cuEventQuery, xrefs: 00007FF8A7B1C303, 00007FF8A7B1C30C
cuImportExternalMemory, xrefs: 00007FF8A7B1C7D7, 00007FF8A7B1C7E0
cuDeviceComputeCapability, xrefs: 00007FF8A7B1BA9A, 00007FF8A7B1BAA3
cuInit, xrefs: 00007FF8A7B1B983, 00007FF8A7B1B98C
cuMemcpyAsync, xrefs: 00007FF8A7B1BD40, 00007FF8A7B1BD49
cuArrayDestroy, xrefs: 00007FF8A7B1CA9B, 00007FF8A7B1CAA4
cuMipmappedArrayGetLevel, xrefs: 00007FF8A7B1C8C3, 00007FF8A7B1C8CC
Cannot load optional %s, xrefs: 00007FF8A7B1CD70, 00007FF8A7B1CD90, 00007FF8A7B1CDB0, 00007FF8A7B1CDD0, 00007FF8A7B1CDF0, 00007FF8A7B1CE10, 00007FF8A7B1CE30, 00007FF8A7B1CE50, 00007FF8A7B1CE70, 00007FF8A7B1CE90, 00007FF8A7B1CEB0, 00007FF8A7B1CED0, 00007FF8A7B1CEF0, 00007FF8A7B1CF10, 00007FF8A7B1CF30, 00007FF8A7B1CF50
Cannot load %s, xrefs: 00007FF8A7B1CD20, 00007FF8A7B1D0C8
cuArrayCreate_v2, xrefs: 00007FF8A7B1CA25, 00007FF8A7B1CA2E
cuD3D11GetDevices, xrefs: 00007FF8A7B1CC38, 00007FF8A7B1CC41
cuGraphicsUnregisterResource, xrefs: 00007FF8A7B1C678, 00007FF8A7B1C681
cuEventRecord, xrefs: 00007FF8A7B1C33E, 00007FF8A7B1C347
cuMemAllocPitch_v2, xrefs: 00007FF8A7B1BC22, 00007FF8A7B1BC2B
cuDeviceGet, xrefs: 00007FF8A7B1B9F2, 00007FF8A7B1B9FB
cuDestroyExternalMemory, xrefs: 00007FF8A7B1C812, 00007FF8A7B1C81B
cuMemcpyHtoDAsync_v2, xrefs: 00007FF8A7B1BE2C, 00007FF8A7B1BE35
cuEGLStreamProducerDisconnect, xrefs: 00007FF8A7B1CB11, 00007FF8A7B1CB1A
cuMemAllocManaged, xrefs: 00007FF8A7B1BC5A, 00007FF8A7B1BC63
cuGraphicsD3D11RegisterResource, xrefs: 00007FF8A7B1CC73, 00007FF8A7B1CC7C
cuGetErrorName, xrefs: 00007FF8A7B1BF53, 00007FF8A7B1BF5C
cuMemFree_v2, xrefs: 00007FF8A7B1BCCA, 00007FF8A7B1BCD3
cuMemcpyDtoHAsync_v2, xrefs: 00007FF8A7B1BEA2, 00007FF8A7B1BEAB
cuDevicePrimaryCtxSetFlags, xrefs: 00007FF8A7B1C07A, 00007FF8A7B1C083
cuMemcpyDtoD_v2, xrefs: 00007FF8A7B1BEDD, 00007FF8A7B1BEE6
cuEGLStreamProducerPresentFrame, xrefs: 00007FF8A7B1CB87, 00007FF8A7B1CB90
cuDeviceGetCount, xrefs: 00007FF8A7B1B9BA, 00007FF8A7B1B9C3
kernel32.dll, xrefs: 00007FF8A7B1B90C, 00007FF8A7B1CCD0
cuMemcpy, xrefs: 00007FF8A7B1BD05, 00007FF8A7B1BD0E
cuStreamDestroy_v2, xrefs: 00007FF8A7B1C1DC, 00007FF8A7B1C1E5
cuExternalMemoryGetMappedMipmappedArray, xrefs: 00007FF8A7B1C888, 00007FF8A7B1C891
cuMipmappedArrayDestroy, xrefs: 00007FF8A7B1C8FE, 00007FF8A7B1C907

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$Library$_aligned_free$ByteCharFreeHandleLoadModuleMultiWidefree$_errnocalloc
String ID: Cannot load %s$Cannot load optional %s$Loaded lib: %s$Loaded sym: %s$SetDefaultDllDirectories$cuArray3DCreate_v2$cuArrayCreate_v2$cuArrayDestroy$cuCtxCreate_v2$cuCtxDestroy_v2$cuCtxGetDevice$cuCtxPopCurrent_v2$cuCtxPushCurrent_v2$cuCtxSetLimit$cuD3D11GetDevice$cuD3D11GetDevices$cuDestroyExternalMemory$cuDestroyExternalSemaphore$cuDeviceComputeCapability$cuDeviceGet$cuDeviceGetAttribute$cuDeviceGetCount$cuDeviceGetName$cuDeviceGetUuid$cuDevicePrimaryCtxGetState$cuDevicePrimaryCtxRelease$cuDevicePrimaryCtxReset$cuDevicePrimaryCtxRetain$cuDevicePrimaryCtxSetFlags$cuEGLStreamConsumerDisconnect$cuEGLStreamProducerConnect$cuEGLStreamProducerDisconnect$cuEGLStreamProducerPresentFrame$cuEGLStreamProducerReturnFrame$cuEventCreate$cuEventDestroy_v2$cuEventQuery$cuEventRecord$cuEventSynchronize$cuExternalMemoryGetMappedBuffer$cuExternalMemoryGetMappedMipmappedArray$cuGLGetDevices_v2$cuGetErrorName$cuGetErrorString$cuGraphicsD3D11RegisterResource$cuGraphicsGLRegisterImage$cuGraphicsMapResources$cuGraphicsResourceGetMappedPointer_v2$cuGraphicsSubResourceGetMappedArray$cuGraphicsUnmapResources$cuGraphicsUnregisterResource$cuImportExternalMemory$cuImportExternalSemaphore$cuInit$cuLaunchKernel$cuLinkAddData$cuLinkComplete$cuLinkCreate$cuLinkDestroy$cuMemAllocManaged$cuMemAllocPitch_v2$cuMemAlloc_v2$cuMemFree_v2$cuMemcpy$cuMemcpy2DAsync_v2$cuMemcpy2D_v2$cuMemcpyAsync$cuMemcpyDtoDAsync_v2$cuMemcpyDtoD_v2$cuMemcpyDtoHAsync_v2$cuMemcpyDtoH_v2$cuMemcpyHtoDAsync_v2$cuMemcpyHtoD_v2$cuMemsetD8Async$cuMipmappedArrayDestroy$cuMipmappedArrayGetLevel$cuModuleGetFunction$cuModuleGetGlobal$cuModuleLoadData$cuModuleUnload$cuSignalExternalSemaphoresAsync$cuStreamAddCallback$cuStreamCreate$cuStreamDestroy_v2$cuStreamQuery$cuStreamSynchronize$cuTexObjectCreate$cuTexObjectDestroy$cuWaitExternalSemaphoresAsync$kernel32.dll$nvcuda.dll
API String ID: 3405737670-3447704524
Opcode ID: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction ID: 5ca59221680be84f8458404d9ee00b16d8f029b1cbeb1f76a640651f5710287b
Opcode Fuzzy Hash: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction Fuzzy Hash: D3D2E9B5A0BA47A5EA41EF20E4642FD2355EF887C5FC48932DA0D4B295DE3CE507E390

Function 00007FF8A7B1FDF0 Relevance: 140.7, APIs: 62, Strings: 18, Instructions: 667libraryloaderCOMMON

Download Yara Rule

APIs

atoi.MSVCRT ref: 00007FF8A7B1FE1E
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1FE84
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1FEC6
GetProcAddress.KERNEL32 ref: 00007FF8A7B1FEEE
LoadLibraryExW.KERNEL32 ref: 00007FF8A7B1FF04
_aligned_free.MSVCRT ref: 00007FF8A7B1FF12
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1FF50
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B1FF9A
GetProcAddress.KERNEL32 ref: 00007FF8A7B1FFB4
LoadLibraryExW.KERNEL32 ref: 00007FF8A7B1FFCA
_aligned_free.MSVCRT ref: 00007FF8A7B1FFD6
GetProcAddress.KERNEL32 ref: 00007FF8A7B1FFF2
GetProcAddress.KERNEL32 ref: 00007FF8A7B200D6
GetDesktopWindow.USER32 ref: 00007FF8A7B2014A
_errno.MSVCRT ref: 00007FF8A7B20220
GetProcAddress.KERNEL32 ref: 00007FF8A7B20256
LoadLibraryExA.KERNEL32 ref: 00007FF8A7B20270
_errno.MSVCRT ref: 00007FF8A7B2027B
GetProcAddress.KERNEL32 ref: 00007FF8A7B202A8
_aligned_free.MSVCRT ref: 00007FF8A7B202B5
_aligned_free.MSVCRT ref: 00007FF8A7B202BC
GetProcAddress.KERNEL32 ref: 00007FF8A7B20398
GetDesktopWindow.USER32 ref: 00007FF8A7B203EB

Strings

Failed to create IDirect3D object, xrefs: 00007FF8A7B20A18
Direct3DCreate9Ex, xrefs: 00007FF8A7B20011
Using D3D9Ex device., xrefs: 00007FF8A7B2019A
Failed to locate Direct3DCreate9, xrefs: 00007FF8A7B20A50
Failed to locate DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FF8A7B2094E
Failed to load D3D9 library, xrefs: 00007FF8A7B205C5
DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FF8A7B1FFE8
Failed to bind Direct3D device to device manager, xrefs: 00007FF8A7B2096C
Failed to create Direct3D device, xrefs: 00007FF8A7B20425
Direct3DCreate9, xrefs: 00007FF8A7B2030F
Failed to open device handle, xrefs: 00007FF8A7B209A8
d3d9.dll, xrefs: 00007FF8A7B1FE5A, 00007FF8A7B1FEB5, 00007FF8A7B20269
Failed to load DXVA2 library, xrefs: 00007FF8A7B202C9
dxva2.dll, xrefs: 00007FF8A7B1FF36, 00007FF8A7B1FF89, 00007FF8A7B20598
kernel32.dll, xrefs: 00007FF8A7B1FECF, 00007FF8A7B1FF9C, 00007FF8A7B20237, 00007FF8A7B20290
SetDefaultDllDirectories, xrefs: 00007FF8A7B1FEE4, 00007FF8A7B1FFAA, 00007FF8A7B2024C, 00007FF8A7B2029E
&, xrefs: 00007FF8A7B20408
Failed to create Direct3D device manager, xrefs: 00007FF8A7B2098A

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$ByteCharMultiWide_aligned_free$LibraryLoad$DesktopWindow_errno$atoi
String ID: &$DXVA2CreateDirect3DDeviceManager9$Direct3DCreate9$Direct3DCreate9Ex$Failed to bind Direct3D device to device manager$Failed to create Direct3D device$Failed to create Direct3D device manager$Failed to create IDirect3D object$Failed to load D3D9 library$Failed to load DXVA2 library$Failed to locate DXVA2CreateDirect3DDeviceManager9$Failed to locate Direct3DCreate9$Failed to open device handle$SetDefaultDllDirectories$Using D3D9Ex device.$d3d9.dll$dxva2.dll$kernel32.dll
API String ID: 1760633067-2418308259
Opcode ID: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction ID: bf8b3e668797d73dcc6bf2c2fcc38a393060a75c8b923fa74feb86c9d9b08a69
Opcode Fuzzy Hash: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction Fuzzy Hash: 9C528EB1A0B78291EB509F15E4443AE6791FF88BC4F804536DA8D47B99EF7CE406E780

Function 00007FF8BFB63AA7 Relevance: 130.3, APIs: 64, Strings: 10, Instructions: 798COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB63940: av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63999
Part of subcall function 00007FF8BFB63940: av_log.AVUTIL-58 ref: 00007FF8BFB639B0

av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63BBE
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63BCF
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB63BDC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63C2E
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63C3F
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB63C4C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63CA3
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63CD3
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB63CE4
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63CF5
av_log.AVUTIL-58 ref: 00007FF8BFB63D0C
av_channel_layout_check.AVUTIL-58 ref: 00007FF8BFB63D14
av_log.AVUTIL-58 ref: 00007FF8BFB63D32
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63D5A
av_log.AVUTIL-58 ref: 00007FF8BFB63D71
av_channel_layout_check.AVUTIL-58 ref: 00007FF8BFB63D7E
av_log.AVUTIL-58 ref: 00007FF8BFB63D9C
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63DCB
av_log.AVUTIL-58 ref: 00007FF8BFB63DE2
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB64A05
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB64A0F

Strings

Output channel layout is invalid, xrefs: 00007FF8BFB63D87
Input channel layout is invalid, xrefs: 00007FF8BFB63D1D
Matrix coefficients:, xrefs: 00007FF8BFB64924
%s:%f , xrefs: 00007FF8BFB649C3
src/libswresample/rematrix.c, xrefs: 00007FF8BFB63F3B
Output channel layout '%s' is not supported, xrefs: 00007FF8BFB63DDB
%s: , xrefs: 00007FF8BFB6497A
Input channel layout '%s' is not supported, xrefs: 00007FF8BFB63D6A
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB63F52
Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s', xrefs: 00007FF8BFB63D05

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_log$av_channel_layout_compareav_channel_layout_describeav_channel_layout_uninit$av_channel_layout_checkav_channel_layout_subset$av_channel_layout_from_mask
String ID: %s: $%s:%f $Assertion %s failed at %s:%d$Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s'$Input channel layout '%s' is not supported$Input channel layout is invalid$Matrix coefficients:$Output channel layout '%s' is not supported$Output channel layout is invalid$src/libswresample/rematrix.c
API String ID: 2619559304-3174812640
Opcode ID: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction ID: dc5867ef09da7cd443d3ffe0a3f7c5cb0d980423bc9d066d8da5a450e350ef9c
Opcode Fuzzy Hash: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction Fuzzy Hash: 26827D22D1CF8695F666CEA9A4103BBF365EF963C4F509332DB4E66945DF3DE0818A00

Function 00007FF8BFB87508 Relevance: 90.2, APIs: 36, Strings: 15, Instructions: 913COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB875A4
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8768B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB876D6
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB876F7
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB87767
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB87779

Strings

}' , xrefs: 00007FF8BFB87726, 00007FF8BFB87C67
[thunk]:, xrefs: 00007FF8BFB882E1
`template static data member destructor helper', xrefs: 00007FF8BFB88017
virtual , xrefs: 00007FF8BFB88199
private: , xrefs: 00007FF8BFB88216
protected: , xrefs: 00007FF8BFB88248
`vtordispex{, xrefs: 00007FF8BFB87B08
`template static data member constructor helper', xrefs: 00007FF8BFB87FD4
`local static destructor helper', xrefs: 00007FF8BFB87F96
static , xrefs: 00007FF8BFB88122
extern "C" , xrefs: 00007FF8BFB88336
/, xrefs: 00007FF8BFB8801E
`adjustor{, xrefs: 00007FF8BFB87C3C
`vtordisp{, xrefs: 00007FF8BFB87BDD
public: , xrefs: 00007FF8BFB8826F

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
API String ID: 2943138195-2884338863
Opcode ID: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction ID: a3b6ce949c3797d67e2760f05b50147cdb32243b6c39215a80d81e251aad42f3
Opcode Fuzzy Hash: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction Fuzzy Hash: B4924372A1C78296EB50DB98E4802AEB7A0FBC4384F505135FB8E47A9ADF7CD544CB40

Function 00007FF8BFB64B4A Relevance: 83.2, APIs: 43, Strings: 4, Instructions: 981COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB64BAC
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB64BC5
av_calloc.AVUTIL-58 ref: 00007FF8BFB64C81
av_mallocz.AVUTIL-58 ref: 00007FF8BFB64C93
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64DAC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64DF3
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64E3C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64ED5
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64F19
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65047
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6508E
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB650D7
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65170
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB651B4
av_calloc.AVUTIL-58 ref: 00007FF8BFB652AA
av_mallocz.AVUTIL-58 ref: 00007FF8BFB652BC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65380
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB653C7
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65410
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB654A9
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB654ED
av_calloc.AVUTIL-58 ref: 00007FF8BFB655E3
av_mallocz.AVUTIL-58 ref: 00007FF8BFB655F5
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB656BD
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65704
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6574D
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB657E6
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6582A
av_mallocz.AVUTIL-58 ref: 00007FF8BFB65918
av_calloc.AVUTIL-58 ref: 00007FF8BFB65937
av_freep.AVUTIL-58 ref: 00007FF8BFB65963
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65A2C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65A73
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65ABC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65B55
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65B99
av_log.AVUTIL-58 ref: 00007FF8BFB65C71
abort.MSVCRT ref: 00007FF8BFB65C76
av_get_cpu_flags.AVUTIL-58 ref: 00007FF8BFB672E3
av_calloc.AVUTIL-58 ref: 00007FF8BFB67341
av_mallocz.AVUTIL-58 ref: 00007FF8BFB67352

Strings

@, xrefs: 00007FF8BFB64C24
src/libswresample/rematrix.c, xrefs: 00007FF8BFB65C4B
?, xrefs: 00007FF8BFB65AAA
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB65C62

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_compare$av_callocav_mallocz$av_get_packed_sample_fmt$abortav_freepav_get_cpu_flagsav_log
String ID: ?$@$Assertion %s failed at %s:%d$src/libswresample/rematrix.c
API String ID: 589828794-1409810779
Opcode ID: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction ID: 23e286bab471394794b717b5f2a20ba024f57c17da20395f03f1014374bbd326
Opcode Fuzzy Hash: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction Fuzzy Hash: 22A2F77390CA8AA5F7628BA99059FBAB3A8FF053C0F505135CB8D57684DF3DA099C704

Function 00007FF6AB242A10 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 209stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB242A7F
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB242A87
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB242A93
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB242AAA

Part of subcall function 00007FF6AB242320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6AB2429D8,?,?,?,00007FF6AB2412F1), ref: 00007FF6AB242357

brealloc.OBS ref: 00007FF6AB242AD2
memmove.VCRUNTIME140 ref: 00007FF6AB242B16
pthread_mutex_init.W32-PTHREADS ref: 00007FF6AB242B36
os_event_init.OBS ref: 00007FF6AB242B44
os_event_init.OBS ref: 00007FF6AB242B52
pthread_create.W32-PTHREADS ref: 00007FF6AB242B6A
av_malloc.AVUTIL-58 ref: 00007FF6AB242B74
avio_alloc_context.AVFORMAT-60 ref: 00007FF6AB242BA7
av_dict_parse_string.AVUTIL-58 ref: 00007FF6AB242BDE
av_strerror.AVUTIL-58 ref: 00007FF6AB242C06
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB242C10
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB242C2B
av_dict_free.AVUTIL-58 ref: 00007FF6AB242C34
av_dict_count.AVUTIL-58 ref: 00007FF6AB242C3D
printf.MSPDB140-MSVCRT ref: 00007FF6AB242C4D
av_dict_get.AVUTIL-58 ref: 00007FF6AB242C66
printf.MSPDB140-MSVCRT ref: 00007FF6AB242C8E
av_dict_get.AVUTIL-58 ref: 00007FF6AB242CA7
printf.MSPDB140-MSVCRT ref: 00007FF6AB242CBB
avformat_write_header.AVFORMAT-60 ref: 00007FF6AB242CC7
av_strerror.AVUTIL-58 ref: 00007FF6AB242CF5
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB242CFF
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB242D17
av_dict_free.AVUTIL-58 ref: 00007FF6AB242D20

Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24204A
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242065
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242080
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24209B
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB2420B6

avio_open.AVFORMAT-60 ref: 00007FF6AB242D41
av_strerror.AVUTIL-58 ref: 00007FF6AB242D6D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB242D77
av_dict_free.AVUTIL-58 ref: 00007FF6AB242D8A

Strings

Error opening '%s': %s, xrefs: 00007FF6AB242D10
Couldn't open '%s', %s, xrefs: 00007FF6AB242AA0
Failed to parse muxer settings: %s%s, xrefs: 00007FF6AB242C24
%s=%s, xrefs: 00007FF6AB242C84
Using muxer settings:, xrefs: 00007FF6AB242C46

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$__acrt_iob_func$av_dict_freeav_strerrorfprintfprintf$av_dict_getos_event_init$__stdio_common_vfprintf_errnoav_dict_countav_dict_parse_stringav_mallocavformat_write_headeravio_alloc_contextavio_openbreallocmemmovepthread_createpthread_mutex_initstrerror
String ID: %s=%s$Couldn't open '%s', %s$Error opening '%s': %s$Failed to parse muxer settings: %s%s$Using muxer settings:
API String ID: 2783795328-2826353358
Opcode ID: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
Instruction ID: fad8d43d5831a4aef4e2d042c491476fc1ea1e01839ef1fb0666a6e6965a98d8
Opcode Fuzzy Hash: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
Instruction Fuzzy Hash: 85A18036B19A8291EB14DF21D6513F86360FB5C788F405137EE4D87AAAEF7CE2948340

Function 00007FF6AB242EE0 Relevance: 54.6, APIs: 29, Strings: 2, Instructions: 313COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6AB242F39
SetErrorMode.KERNEL32 ref: 00007FF6AB242F5D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB242F6B
WideCharToMultiByte.KERNEL32 ref: 00007FF6AB242FD8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB242FE7
WideCharToMultiByte.KERNEL32 ref: 00007FF6AB243016
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB243044
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB24304D
_setmode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB24305A
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB243065
setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB243077
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB243098
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB2430A8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2430F8
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB24311C
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB243167
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB243177
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB24319A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2431A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2431C5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2431D6
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB243215
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB243239
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF6AB24330C
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF6AB243344
av_interleaved_write_frame.AVFORMAT-60 ref: 00007FF6AB24336D
av_strerror.AVUTIL-58 ref: 00007FF6AB2433BA
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB2433C4
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB2433DE

Part of subcall function 00007FF6AB242320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6AB2429D8,?,?,?,00007FF6AB2412F1), ref: 00007FF6AB242357

Strings

Couldn't initialize muxer, xrefs: 00007FF6AB2430A1, 00007FF6AB243170
av_interleaved_write_frame failed: %d: %s, xrefs: 00007FF6AB2433D7

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
API String ID: 4192084208-164389310
Opcode ID: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction ID: 98690a36e810ab72d54973a7d94d913d0743054f593fce90d86eb12894437a2d
Opcode Fuzzy Hash: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction Fuzzy Hash: 54E19032A1AA8286EB20DF61D9503BD77A0FB8DB84F505136DE4E97B68DF3CE5458700

Function 00007FF8A7B0C2F0 Relevance: 51.3, APIs: 25, Strings: 4, Instructions: 582stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B0C347
strtol.MSVCRT ref: 00007FF8A7B0C3ED
strchr.MSVCRT ref: 00007FF8A7B0C462
strcmp.MSVCRT ref: 00007FF8A7B0C564
_aligned_free.MSVCRT ref: 00007FF8A7B0C594
_aligned_free.MSVCRT ref: 00007FF8A7B0C59E
_aligned_free.MSVCRT ref: 00007FF8A7B0C5D5

Strings

mono, xrefs: 00007FF8A7B0C317
ambisonic , xrefs: 00007FF8A7B0C3A0
channels, xrefs: 00007FF8A7B0CB80
%d channels (%[^)], xrefs: 00007FF8A7B0C44B

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strcmp$strchrstrtol
String ID: channels$%d channels (%[^)]$ambisonic $mono
API String ID: 6235670-221731140
Opcode ID: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction ID: 858595fbaa4b507ad73275df87ff4a7692b1b0f5aa521371f960bf7c87ba2051
Opcode Fuzzy Hash: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction Fuzzy Hash: B24280B3A0A682A5EB609F15E4503BE67A1FB84BC0F548031DA8D57B95DF3CE447EB40

Function 00007FF8BFB58DB0 Relevance: 42.1, APIs: 12, Strings: 12, Instructions: 108COMMON

Download Yara Rule

APIs

av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB58DFE
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E1B
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E38
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB58E5A
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E7C
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E9E
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EBB
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58ED0
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EE5
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EFA
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58F0F
av_log.AVUTIL-58 ref: 00007FF8BFB58F53

Strings

isf, xrefs: 00007FF8BFB58E72
ich, xrefs: 00007FF8BFB58EF3
ochl, xrefs: 00007FF8BFB58DE7
isr, xrefs: 00007FF8BFB58E94
icl, xrefs: 00007FF8BFB58EC9
osr, xrefs: 00007FF8BFB58E2E
Failed to set option, xrefs: 00007FF8BFB58F40
uch, xrefs: 00007FF8BFB58EB1
ocl, xrefs: 00007FF8BFB58EDE
och, xrefs: 00007FF8BFB58F08
ichl, xrefs: 00007FF8BFB58E50
osf, xrefs: 00007FF8BFB58E11

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_opt_set_chlayout$av_log
String ID: Failed to set option$ich$ichl$icl$isf$isr$och$ochl$ocl$osf$osr$uch
API String ID: 4144258317-3247528414
Opcode ID: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction ID: d73a74d02a417476c71cdee5adff2657d8965f814a9c05578b1518452dfbfec0
Opcode Fuzzy Hash: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction Fuzzy Hash: 92417CA5B0825361FB60A7E9A962BB7B751EF983C8F805432EF4C47A55EE3CE0048700

Function 00007FF8A7B32D90 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 203COMMON

Download Yara Rule

APIs

_read.MSVCRT ref: 00007FF8A7B32E0D
_close.MSVCRT ref: 00007FF8A7B32E17
_read.MSVCRT ref: 00007FF8A7B32E48
_close.MSVCRT ref: 00007FF8A7B32E52
clock.MSVCRT ref: 00007FF8A7B32EF9

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B33080
sizeof(tmp) >= av_sha_size, xrefs: 00007FF8A7B33070
/dev/random, xrefs: 00007FF8A7B32E27
N, xrefs: 00007FF8A7B33087
Microsoft Primitive Provider, xrefs: 00007FF8A7B32DA0
src/libavutil/random_seed.c, xrefs: 00007FF8A7B33069
/dev/urandom, xrefs: 00007FF8A7B32DEC
RNG, xrefs: 00007FF8A7B32DA7

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _close_read$clock
String ID: /dev/random$/dev/urandom$Assertion %s failed at %s:%d$Microsoft Primitive Provider$N$RNG$sizeof(tmp) >= av_sha_size$src/libavutil/random_seed.c
API String ID: 3077350862-4220122895
Opcode ID: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction ID: c822da2a4808f073d81bca7506f0578649d38f4c09f7567fb7618592c0ef5585
Opcode Fuzzy Hash: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction Fuzzy Hash: EC7145B2B0B642B6FB189F24E4516BD3691EB883C4F404136DA0F87A95EE7CE487D740

Function 00007FF8A7B2F2C0 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 461COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7B2F94F
_errno.MSVCRT ref: 00007FF8A7B2F977

Strings

%H%M%S, xrefs: 00007FF8A7B2F6A9
+, xrefs: 00007FF8A7B2F5A4
AliceBlue, xrefs: 00007FF8A7B2F5CD
%H:%M, xrefs: 00007FF8A7B2F57A
%H:%M:%S, xrefs: 00007FF8A7B2F68E
%Y%m%d, xrefs: 00007FF8A7B2F64D
%J:%M:%S, xrefs: 00007FF8A7B2F331
%M:%S, xrefs: 00007FF8A7B2F923
%Y - %m - %d, xrefs: 00007FF8A7B2F62C
now, xrefs: 00007FF8A7B2F613

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: %H%M%S$%H:%M$%H:%M:%S$%J:%M:%S$%M:%S$%Y - %m - %d$%Y%m%d$+$AliceBlue$now
API String ID: 2918714741-785088730
Opcode ID: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction ID: 021eedfc51ed146d46646e33bec2e241f3389597d094710fb89d6fa4e29dc39b
Opcode Fuzzy Hash: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction Fuzzy Hash: 560228B2B1F2965AFB208F25A44473EAB91EB407C4F948131DA4D17BE4DE3DE506AF40

Function 00007FF8A7B0D9B0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 272COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B0D9FF

Strings

av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0, xrefs: 00007FF8A7B0DBBB
av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0, xrefs: 00007FF8A7B0DB5B
src/libavutil/crc.c, xrefs: 00007FF8A7B0D9D4, 00007FF8A7B0DA34, 00007FF8A7B0DA94, 00007FF8A7B0DAF4, 00007FF8A7B0DB54, 00007FF8A7B0DBB4
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B0D9EB, 00007FF8A7B0DA4B, 00007FF8A7B0DAAB, 00007FF8A7B0DB0B, 00007FF8A7B0DB6B, 00007FF8A7B0DBCB
av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0, xrefs: 00007FF8A7B0D9DB, 00007FF8A7B0DA3B, 00007FF8A7B0DA9B
av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0, xrefs: 00007FF8A7B0DAFB

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0$av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-2611614167
Opcode ID: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction ID: 8c4a5d73850d80bf472d3fe4c26f39b62cccb39335ae718d8f8f411e9b013b94
Opcode Fuzzy Hash: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction Fuzzy Hash: A1A1A1B2F1AA46A2E7009F65DC853ED3691EB88384F848635D74DC66D1DE7CE107E700

Function 00007FF8A7B1ED32 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 176libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF8A7B1ED8A

Strings

Failed to load D3D11 library or its functions, xrefs: 00007FF8A7B1F00B
d3d11_1sdklayers.dll, xrefs: 00007FF8A7B1ED80
Failed to create Direct3D device (%lx), xrefs: 00007FF8A7B1F02D
debug, xrefs: 00007FF8A7B1ED66
DXGIGetDebugInterface, xrefs: 00007FF8A7B1EF65
Using device %04x:%04x (%ls)., xrefs: 00007FF8A7B1EEEF
dxgidebug.dll, xrefs: 00007FF8A7B1EF50

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: LibraryLoad
String ID: DXGIGetDebugInterface$Failed to create Direct3D device (%lx)$Failed to load D3D11 library or its functions$Using device %04x:%04x (%ls).$d3d11_1sdklayers.dll$debug$dxgidebug.dll
API String ID: 1029625771-4247103231
Opcode ID: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction ID: bb9e74af1d180c4dbd4eaa4a928b34ce17eeea0bdedd523f26b565973571b538
Opcode Fuzzy Hash: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction Fuzzy Hash: 71712B72B0AA42A2EB508F25E45476E6760FF88BC9F544132DE4D477A4DF3DE406E740

Function 00007FF8A7B2C650 Relevance: 16.8, APIs: 1, Strings: 10, Instructions: 299COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF8A7B2CA63
default, xrefs: 00007FF8A7B2C784
none, xrefs: 00007FF8A7B2C7EF
all, xrefs: 00007FF8A7B2C7FE
The "%s" option is deprecated: %s, xrefs: 00007FF8A7B2CABE
const_values array too small for %s, xrefs: 00007FF8A7B2CB8A
%d%*1[:/]%d%c, xrefs: 00007FF8A7B2CB60
min, xrefs: 00007FF8A7B2C7E0
Unable to parse option value "%s", xrefs: 00007FF8A7B2CBAE
max, xrefs: 00007FF8A7B2C7C9

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d%*1[:/]%d%c$-$The "%s" option is deprecated: %s$Unable to parse option value "%s"$all$const_values array too small for %s$default$max$min$none
API String ID: 0-679463259
Opcode ID: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction ID: b3bd7ac23d113d1ccf2fb0df459cd966f46d0e8dcbe3c34bc47a6deb450c9356
Opcode Fuzzy Hash: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction Fuzzy Hash: 46E1D3B3A0AB8596D761CF14E4447AFB3A0FB85788F544232EA8D57694DF3CD006EB80

Function 00007FF8BFB568B0 Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 567COMMON

Download Yara Rule

APIs

av_malloc_array.AVUTIL-58 ref: 00007FF8BFB56976
av_malloc_array.AVUTIL-58 ref: 00007FF8BFB5698B

Strings

tap_count == 1 || tap_count % 2 == 0, xrefs: 00007FF8BFB573E1
src/libswresample/resample.c, xrefs: 00007FF8BFB56CEA, 00007FF8BFB573D2
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB56D05

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_malloc_array
String ID: Assertion %s failed at %s:%d$src/libswresample/resample.c$tap_count == 1 || tap_count % 2 == 0
API String ID: 1862890220-3187375394
Opcode ID: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction ID: f13741d8450be293af949bc2605954e4a0c26aa1dba8a58a84938fd3e7cbd5e7
Opcode Fuzzy Hash: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction Fuzzy Hash: B4427472D28F8549D6238B78986127AB725FF963C4F51D337EA4E36A55DF2CF0828600

Function 00007FF8A7B24C80 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 398COMMON

Download Yara Rule

Strings

[%s @ %p] , xrefs: 00007FF8A7B24DCB, 00007FF8A7B24E42
Last message repeated %d times, xrefs: 00007FF8A7B252F6
Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
8, xrefs: 00007FF8A7B2529D
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Last message repeated %d times$ Last message repeated %d times$%s%s%s%s$8$?$[%s @ %p] $[%s]
API String ID: 0-179686365
Opcode ID: ce54885c60954f378c52401b716c70c516f3c7c7a1fae476ce4e39e9d3599150
Instruction ID: c5df6c09e84b7474f4fb8b49486617564f34635c3e5b03c0038e29dd9d3023ce
Opcode Fuzzy Hash: ce54885c60954f378c52401b716c70c516f3c7c7a1fae476ce4e39e9d3599150
Instruction Fuzzy Hash: 23F1CEB2A0B68665FB24DF11A4103BE6791FF867C4F844036DE8D17786DE3DE846A780

Function 00007FF8A7B224D0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 442COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B2262A
abort.MSVCRT ref: 00007FF8A7B226EF
memcpy.MSVCRT ref: 00007FF8A7B22A6B

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B226DB
src/libavutil/imgutils.c, xrefs: 00007FF8A7B226C4
ret >= 0, xrefs: 00007FF8A7B226CB

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: Assertion %s failed at %s:%d$ret >= 0$src/libavutil/imgutils.c
API String ID: 3629556515-2504023021
Opcode ID: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction ID: 5c86ad271ec462e6506e6a3df0e73ef7d9b1c11ad702bf812a177ef28b81708d
Opcode Fuzzy Hash: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction Fuzzy Hash: CA02F0B2A0A68196E760CF15E4443AEB7A0FB897C4F954135DE8D87B98DF3CE442DB40

Function 00007FF6AB243C5C Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6AB243C78
memset.VCRUNTIME140 ref: 00007FF6AB243C9C
RtlCaptureContext.KERNEL32 ref: 00007FF6AB243CA5
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6AB243CBF
RtlVirtualUnwind.KERNEL32 ref: 00007FF6AB243D00
memset.VCRUNTIME140 ref: 00007FF6AB243D33
IsDebuggerPresent.KERNEL32 ref: 00007FF6AB243D54
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB243D75
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB243D80

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction ID: 084f29adcd4ca85c460cbfec0a1269c693d122d8c81213163ba59337f473fea6
Opcode Fuzzy Hash: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction Fuzzy Hash: A3313D7661AB8186EB609F60E9503FE7360FB88744F44443ADA8E87BA8DF38D548C710

Function 00007FF8BFBA6CBC Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8BFBA6CD8
memset.VCRUNTIME140 ref: 00007FF8BFBA6CFC
RtlCaptureContext.KERNEL32 ref: 00007FF8BFBA6D05
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8BFBA6D1F
RtlVirtualUnwind.KERNEL32 ref: 00007FF8BFBA6D60
memset.VCRUNTIME140 ref: 00007FF8BFBA6D93
IsDebuggerPresent.KERNEL32 ref: 00007FF8BFBA6DB4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8BFBA6DD5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8BFBA6DE0

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction ID: 917ab1229e92aac6c67d73f9844038c5f1eecc0bcd7001cc73b1debfb2aaaab9
Opcode Fuzzy Hash: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction Fuzzy Hash: FC313E72609B8186EB609FA4E8507ED7361FB88784F44443ADB8E47B98EF3CD558C710

Function 00007FF8A7B25980 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 408COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B259AF

Strings

cnt >= 0, xrefs: 00007FF8A7B2598F
src/libavutil/lzo.c, xrefs: 00007FF8A7B25984
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B25996
?, xrefs: 00007FF8A7B25A39
[, xrefs: 00007FF8A7B259A2

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: ?$Assertion %s failed at %s:%d$[$cnt >= 0$src/libavutil/lzo.c
API String ID: 4206212132-2884727783
Opcode ID: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction ID: 15eb1af8e19c759599083de08eb484d52b5b2e200ad7f7e63fd9c52f147f7837
Opcode Fuzzy Hash: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction Fuzzy Hash: EAE104B2B1F662A2EB60CE11858977D6A92FF457C0FD58171CE0D07780EA7DE606E780

Function 00007FF8A7B0BE20 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B0C141

Strings

ambisonic %d, xrefs: 00007FF8A7B0BF01
channel_layout->order == AV_CHANNEL_ORDER_CUSTOM, xrefs: 00007FF8A7B0C11D
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B0C12D
src/libavutil/channel_layout.c, xrefs: 00007FF8A7B0C116

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ambisonic %d$channel_layout->order == AV_CHANNEL_ORDER_CUSTOM$src/libavutil/channel_layout.c
API String ID: 4206212132-610793534
Opcode ID: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction ID: f73c40859f23439044d1ca70747d59357e130eb069d3f8358e601b1fd9170818
Opcode Fuzzy Hash: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction Fuzzy Hash: 0C7129F3F2994687E7154B34DC0136D5182EB957E0F4CD235EA0AD6B85EE2CE5839B01

Function 00007FF8A7B846C0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B84707

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B846F3
src/libavutil/utils.c, xrefs: 00007FF8A7B846DC
n, xrefs: 00007FF8A7B846FA
(state[4] & 3) == 3, xrefs: 00007FF8A7B846E3

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: (state[4] & 3) == 3$Assertion %s failed at %s:%d$n$src/libavutil/utils.c
API String ID: 4206212132-3394967418
Opcode ID: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction ID: 130192bf7381ae5e6e98134f1194f6aeca5cfc9f1aed97df74b3e1d711834803
Opcode Fuzzy Hash: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction Fuzzy Hash: B9217EF791F58655F7119E3C98402FE7292EB42BE5F950332E529C25D4DE3CD5879100

Function 00007FF8A7B0BA70 Relevance: 7.8, Strings: 6, Instructions: 250COMMON

Download Yara Rule

Strings

AMBI%d, xrefs: 00007FF8A7B0BDD8
@%s, xrefs: 00007FF8A7B0BC1D
NONE, xrefs: 00007FF8A7B0BB96
USR%d, xrefs: 00007FF8A7B0BCE0
%d channels (, xrefs: 00007FF8A7B0BB71
%d channels, xrefs: 00007FF8A7B0BB5E

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels$%d channels ($@%s$AMBI%d$NONE$USR%d
API String ID: 0-1306170362
Opcode ID: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction ID: 01a4906017f4ed23f28b7fca577a7c47bc3457d661d596809b6e7e715d249da8
Opcode Fuzzy Hash: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction Fuzzy Hash: 2291E1F2F1A157A6FA398E159C40B7E6751EF44BD0F48C431DE0E67A89CE2CA943A740

Function 00007FF8A7BADAA0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

pow, xrefs: 00007FF8A7BADBCF, 00007FF8A7BADCFE, 00007FF8A7BAE0AC

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: pow
API String ID: 0-2276729525
Opcode ID: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction ID: eceb197aeb767903e896341b07dfc2bcd4ea958cc7591dfd103d2f4d71bfe0eb
Opcode Fuzzy Hash: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction Fuzzy Hash: FFD1C9B2D0EA5276E6627E24545027E6615EF953C0F508332EA8E362DDEF6DB483F180

Function 00007FF8A7B45B00 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B45E9A

Strings

', xrefs: 00007FF8A7B45E8D
src/libavutil/tx.c, xrefs: 00007FF8A7B45E6F
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B45E86

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: '$Assertion %s failed at %s:%d$src/libavutil/tx.c
API String ID: 4206212132-3565471776
Opcode ID: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction ID: 9d34bd4dcacaa5fe30b0e9416e9f83994b0109d70319bc5e2c132661902244bd
Opcode Fuzzy Hash: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction Fuzzy Hash: 5CA1F6B2A0AA8596DB60CF18E4407AEB7A1FF887C4F545135EA4E43B54DF3DE846DB00

Function 00007FF8A7B0D5C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF8A7B0D5CD
GetProcessAffinityMask.KERNEL32 ref: 00007FF8A7B0D5E0

Strings

detected %d logical cores, xrefs: 00007FF8A7B0D6C3
overriding to %d logical cores, xrefs: 00007FF8A7B0D69D

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID: detected %d logical cores$overriding to %d logical cores
API String ID: 1231390398-3421371979
Opcode ID: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction ID: d4e3653927ea3658b91c810768a0b8d5807df142329be9f81a87f79af3ea14d7
Opcode Fuzzy Hash: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction Fuzzy Hash: 8121C4F3B2A90613E7148E29EC013691291FB987A4B8DD136DA4ED7B95ED3CE603D241

Function 00007FF8A7B01C30 Relevance: 4.2, APIs: 3, Instructions: 497COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B01EA6
memcpy.MSVCRT ref: 00007FF8A7B01EBB

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction ID: afa13e2dcd1b44c24445e6c50af0b967ff9bc429437638f6c243b1a4cda04893
Opcode Fuzzy Hash: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction Fuzzy Hash: 6A32F1B3A0DBC096E7698F29E4403EEBBA1F795384F058125EBC953A56CB3CE165D700

Function 00007FF8A7BB0640 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BB0754

Strings

__powi, xrefs: 00007FF8A7BB0761

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: __powi
API String ID: 2918714741-2331859415
Opcode ID: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction ID: 13e069cac524072d4228e9f3ac1bfff72f9ac46fd59330ff57028358383a81a1
Opcode Fuzzy Hash: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction Fuzzy Hash: 3E518CB0E1FA0694FA564E26586033E6355EFE63C8F14D336DE0E2A5C0EF1DAC83A540

Function 00007FF8A7B03B87 Relevance: 3.5, APIs: 2, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction ID: 31087e6a524a8aaaf96a2c47398f4c68f2b17a4045442ffa9451016af6ae14a0
Opcode Fuzzy Hash: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction Fuzzy Hash: 6822BCB2A0EAD5A4D6208E15A0443FEB7A1FB86BC0F444136DA9D63789DF3CE543E701

Function 00007FF8A7B0B030 Relevance: 3.1, APIs: 2, Instructions: 87stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B0AE10: strlen.MSVCRT ref: 00007FF8A7B0AE26
Part of subcall function 00007FF8A7B0AE10: memcmp.MSVCRT ref: 00007FF8A7B0AEA5

strtol.MSVCRT ref: 00007FF8A7B0B0F6
_errno.MSVCRT ref: 00007FF8A7B0B0FE

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnomemcmpstrlenstrtol
String ID:
API String ID: 1078869015-0
Opcode ID: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction ID: c1a7008ab17f3a0bb7ca8f9f2cf4d8cfc1e725108c2782e40465de5c30fa34b5
Opcode Fuzzy Hash: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction Fuzzy Hash: 772192F3F2A50653EB1C8925DC2233D52C3A7987B0F4CC139DE1AD6789E93C99968705

Function 00007FF8A7BA9720 Relevance: 3.0, APIs: 2, Instructions: 39timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FF8A7BA9739
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7BA9760

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileInformationSystemZone
String ID:
API String ID: 2921752741-0
Opcode ID: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction ID: 0421b098cc433c003fad210e4a688416250fc14c9cb6cefe8461e2ece8c7cf11
Opcode Fuzzy Hash: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction Fuzzy Hash: 3101B1F2B1864687DF689F21F41037DA291EB547D4F48C131DAAE86798EF2CD486E700

Function 00007FF8A7B46350 Relevance: 1.7, Strings: 1, Instructions: 449COMMON

Download Yara Rule

Strings

%i: , xrefs: 00007FF8A7B4696A

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %i:
API String ID: 0-3112360579
Opcode ID: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction ID: 18105b0f4c0d37ce77dd94518aba3362fbbd063a230c42635962dd1b5e242b23
Opcode Fuzzy Hash: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction Fuzzy Hash: D802EFB2A0AB92A6EB248F28C46067C73A0FB44B8CF554136CB5D43790DF79E992D740

Function 00007FF8A7B45350 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8A7B45365, 00007FF8A7B4542D, 00007FF8A7B454AB, 00007FF8A7B45522, 00007FF8A7B4559D, 00007FF8A7B4561F, 00007FF8A7B45689, 00007FF8A7B456D4

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID: 0-399585960
Opcode ID: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction ID: e295d6882674f119f76e3f3dace4ef82e47a4436ac0bc3fd32d2489482b33960
Opcode Fuzzy Hash: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction Fuzzy Hash: 77E18CB2A09A8697E720CF26E484BAE7760FB847C4F514136DF8D43B59DE39E442DB40

Function 00007FF8A7B84840 Relevance: 1.4, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

0123456789abcdef, xrefs: 00007FF8A7B84840

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 0123456789abcdef
API String ID: 0-1757737011
Opcode ID: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction ID: 4db6ed6dccb60a9313a568841a86bd78a9c428268a9880c6d4334a1caa51be73
Opcode Fuzzy Hash: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction Fuzzy Hash: 5B61C9977292F19DD72247A9A810F9CBE52D266B45F1D4289D7C10BF93C212C0B2FB21

Function 00007FF8A7B0B150 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

%d channels, xrefs: 00007FF8A7B0B273

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels
API String ID: 0-1351059727
Opcode ID: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction ID: 849a48a1b16da77ad52294add0190019fb29ca25b16befce697ff7b857887645
Opcode Fuzzy Hash: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction Fuzzy Hash: E24105F3F1644662FB298E15BC0167E5642EB98BF6F48D031DE0956B49ED3C9587D300

Function 00007FF8A7B42B60 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FF8A7B42C47

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction ID: 42e0e49d906d2e20c6812e15354de97c4bc22229f93cbc4432d22daf0f98b0dd
Opcode Fuzzy Hash: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction Fuzzy Hash: B4317BFBF2A5555AE735CE1598407EE2242F7447C9F888230ED0A4B749E93CE94AF300

Function 00007FF8A7B0E9A0 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FF8A7B0EADF

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction ID: e95dfcf8044802e39fe17f170ac762e79cac82527a117d44f589ed87fb7d3287
Opcode Fuzzy Hash: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction Fuzzy Hash: 3F3125A373594043E647DEA6A8552ED2352F38D7CAF84A032FE0B97308E67DDD06E100

Function 00007FF8A7B0E820 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FF8A7B0E95C

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction ID: 6ee62a38d14dd975717092792951ea95129ba1b463159a2a4588840cb3859cae
Opcode Fuzzy Hash: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction Fuzzy Hash: E131E4A373195153E642DEA6A4556ED2751F38D7CAFC4A032FE0AD7304EA7CCD0AE200

Function 00007FF8A7B42CC0 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FF8A7B42D5D

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction ID: 62abf31204d306b7ece8e6c4942c09bf00de2984541c00fb7108dd762b78ad3d
Opcode Fuzzy Hash: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction Fuzzy Hash: D81127B3528445569B4DDF1A88116ED7691F390BC8BC84235E95BCB344DD3CD74AE704

Function 00007FF8A7B0B6A0 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

front left, xrefs: 00007FF8A7B0B743

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: front left
API String ID: 0-959785498
Opcode ID: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction ID: 7075b46b59bd6680dfb8a350cefd5db58eff9a803b22558458a2580cb383da50
Opcode Fuzzy Hash: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction Fuzzy Hash: 0911E3E7F3556A43EB204A2DCC0575901C2E3A97A0B4CE131E849C2B48EC3DE6839A42

Function 00007FF8A7B287F0 Relevance: 1.3, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8A7B28819

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction ID: 6360e65ecd7bff0a8d9295d633107908da13a0381195449fea1539a171be0d21
Opcode Fuzzy Hash: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction Fuzzy Hash: 5711B2A2711B4C52AD08D7AAA8B68B9925AA3ADFD4718F032CF0D4B354DD3CE092C340

Function 00007FF8A7B34920 Relevance: 1.0, Instructions: 994COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction ID: 1bda1fb4674d5b31257bf7ffee1b08a0ed086879fa134946f1178f46d8c42b44
Opcode Fuzzy Hash: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction Fuzzy Hash: 6572EAB7B251204BE354CF2AE844E46BB92F7D8748B56A114EE56E7F04D23DEA06CF40

Function 00007FF8A7B33C00 Relevance: 1.0, Instructions: 989COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction ID: 964c822f9f187339aa42b2d0479b64a4cd5d221fa53f8ffe4ad9e35da9718a6b
Opcode Fuzzy Hash: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction Fuzzy Hash: A0720977B282244B9318CF26E809D4AB796F7D4704B469128EF16D7F08E67DEA058F84

Function 00007FF8A7B23580 Relevance: .7, Instructions: 727COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction ID: eed9353e40031dba018bc47a9e266f0836213c7eb39866f8367cc9c4a70c3ddd
Opcode Fuzzy Hash: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction Fuzzy Hash: 355207A361D2A186E3648F69A400B7FF6E1FB94781F50A125EAC987FD8E73CD440DB50

Function 00007FF8A7B26820 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction ID: ab99a49f5068e0e34af93936bb41db1d7b5111a5bf18663f79e8a89e88ea40c6
Opcode Fuzzy Hash: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction Fuzzy Hash: 9512A377B6016047D76CCF36E816F993796E399758389E12C9A02D7F08DA3DD90ACB80

Function 00007FF8A7B43560 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction ID: 64a664f3dc9c40dec499b2d3098ffe31a25bfffc1fad661deb89277695a621d1
Opcode Fuzzy Hash: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction Fuzzy Hash: C222A2B272AA4592DA60DF16E44496E7368FB84FC4F598035DF5EAB784DF39D402E300

Function 00007FF8A7B4CBE0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction ID: 3e0944550c0025046ee189df3abe1888f1f661241c28db67fce17767bc6854aa
Opcode Fuzzy Hash: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction Fuzzy Hash: 2122C662E29F904ED253CE75945123E6B68FFA67C4B41D323EE4B76B12DB34E1878200

Function 00007FF8A7B309B0 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction ID: f7b1ea2a9fb5f4df7ac57e39c8ea3ff66c2fe363fa7fb0c706c2542e0d324133
Opcode Fuzzy Hash: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction Fuzzy Hash: 8C02E3B3F1AA95A6EB754F14A101E7C7FA1FF50B85F459039C74E13F80DA38A996A300

Function 00007FF8A7B62B80 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction ID: 998d9efad587e1bf8397a306107281cf2afd93e18dfb1cb711049750912213aa
Opcode Fuzzy Hash: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction Fuzzy Hash: 4E222572E29ACC57D212CE77948117D7B10FBAE7C4B59EB16EE05726A2DB34F0889700

Function 00007FF8A7B07260 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction ID: fab65d156465216de22c95b441cf828349011f81182ea2c682bce0ca1b49cae6
Opcode Fuzzy Hash: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction Fuzzy Hash: 1D1284732108148BD391CF5EE8C0E5DB7D1F798B4EB629324EB4693B61D632A863D790

Function 00007FF8A7B31160 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction ID: 8260378edc6253656f87a36fba6eb5c4c3dc23a273c1cca8877c2ee4173ad91d
Opcode Fuzzy Hash: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction Fuzzy Hash: 8DB1E6B7F1AA88A6DB704F54E442EBDBBB4FF50784F459035CB0A53F90E6286596A300

Function 00007FF8A7B09D50 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction ID: 49bf5287740c587347de887e777204639b8b727b6b64fab9040c3727faabb559
Opcode Fuzzy Hash: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction Fuzzy Hash: 56B1C1A26095C16EEB198F7698206EF6BA0EB1DBC4F44E022DFDD5B746CD2CD642D300

Function 00007FF8A7B0A520 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction ID: 3021b319d71139038507e3d38d037563139e4476ea119d6911c4804673a50531
Opcode Fuzzy Hash: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction Fuzzy Hash: E0B1BC735006588FD348DF6AD95843E3BA2F7D8B59B9B0229DB4317780EB706826DB90

Function 00007FF8A7B0A1B0 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction ID: edfecd9a16bbdc166376368d553447f4dc66d6a519180dbd7b1e1a8ed690c896
Opcode Fuzzy Hash: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction Fuzzy Hash: 47B15E33A005A48FD788DF6AD89887D37A3E7C871179BC32AD74553389DA74680ADBD0

Function 00007FF8A7B22F20 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction ID: 1917f942887feb167ae8a6cfb015cc46d4abb0bc6d9c4778bcd72a415451c5b2
Opcode Fuzzy Hash: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction Fuzzy Hash: 029138F1B2F16662F7698E499401B3FA595EB10BC0FC4A135DD4A477C0D63EE5829B80

Function 00007FF8A7B06E70 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction ID: 5ecff00a341bd34dbe8412c3541c4df4444f7e048cbc0b7a87d7250357c9fd73
Opcode Fuzzy Hash: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction Fuzzy Hash: 45A130720198148BE34BCF5E948021EB3E1FB48A9FB616710EF4F87661D636AE63D750

Function 00007FF8A7B444D0 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction ID: 36d0879407202900267087064b3643200ef0da285e6f78458687609b00d15dcf
Opcode Fuzzy Hash: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction Fuzzy Hash: 8C91C1731092E0AED306CF3A96449AE7FE0F71A788B9AD151DB954BB47C238E613D710

Function 00007FF8A7B09A50 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction ID: 2685330310168cf931ce93a8233a7c850119f94f75912ac80ac8a1d569be9119
Opcode Fuzzy Hash: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction Fuzzy Hash: 40616DE27064659AEE989F368D612AE1395BB4CBC1F81B832DD4DA7385DD2CD842C341

Function 00007FF8A7B330A0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction ID: d47aecff3846e02d10a2ac368fca382a416381bfe2144208b5fc2011500d6586
Opcode Fuzzy Hash: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction Fuzzy Hash: A051F772B1A7E551DA348E2A7D00BABA6C9EB58FC4F49A0359D0D5BF84DE7CE4825300

Function 00007FF8A7B0E4C0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction ID: a15d5da4133fccabe7f557516de404bc5c50208011ebb0634a9257ffc8d3a2b2
Opcode Fuzzy Hash: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction Fuzzy Hash: 634163B6F0650213FF19EE76A85506F5296BB887D4704A139EE0F87BC9ED7CE482D240

Function 00007FF8A7B41E10 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction ID: b698bba6f93dfe7679fd8e266cf5d3d54dac722a5c1d5b110bc78f386a84da95
Opcode Fuzzy Hash: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction Fuzzy Hash: 975104B7F4A2C46AD71A8F21A9046ADBFE0F719788B488035DF8943B45D63CE552D710

Function 00007FF8A7B0D210 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction ID: 4e4f69bbd28c37c03573fcfdad6f9323ca4f09fc90f9136dcfdb4469a75735a2
Opcode Fuzzy Hash: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction Fuzzy Hash: 1741D3F3F1A40657FB684D79E841B3D5680EB64BE8B08D135ED0AE77C0D92CE9839241

Function 00007FF8A7B32B40 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction ID: deded656bca54fcb41aa28a91495fb6f2b8ee12cfe2ad86d062cd528f8b336e0
Opcode Fuzzy Hash: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction Fuzzy Hash: 2A413502F1A2E10BC7924EBF4DD922DADD2158E44638CC77AA7D4C52DFD86CE20E6614

Function 00007FF8A7B0CCE0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction ID: 22c05cf761a459ca684e0e93b95ea2ce889f01a1414544755c89399e10388a50
Opcode Fuzzy Hash: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction Fuzzy Hash: AB41D5F3F3A84503EB6C8A29CC057285183A7E47B175CD235D91ADAFD8E93CEA079542

Function 00007FF8A7B328B0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction ID: 0a24dedc9a0a57ffe617537608a8400275a41b98e14bb4ea312f375e18c72059
Opcode Fuzzy Hash: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction Fuzzy Hash: 8741A2522380F00AC76E1F3D293AA39BE92725664774EE36EFE8342AC7D41D8910A714

Function 00007FF8A7B013A0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction ID: d895bf509cdc5ed048530322e5a5b737fb73cc571ea4556594ad50e15b1d8de6
Opcode Fuzzy Hash: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction Fuzzy Hash: FB3168A3F6126A13EF1D8A596C02BBC9441AF447D8F449231ED1E6BBD9E43CD947E200

Function 00007FF8A7B0D030 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction ID: 1c078fb69e07669e041fa191fae9e3dee138d68a07eab1021c2b843c990ea2a1
Opcode Fuzzy Hash: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction Fuzzy Hash: EB3191E7B354B943EB7C4639C852B280591D7657B0B8CE439DD4AC2FC1E81EE6428F42

Function 00007FF8A7B01990 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction ID: d0ef07d6e278a7003460a810eabec1f90c1e3faf96bcace153913f7f8b61937d
Opcode Fuzzy Hash: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction Fuzzy Hash: 3A519E73108AE58AD796CB64D448BED3BA8F71C384F964471DBAC83712DBB5D890D700

Function 00007FF8A7B01730 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction ID: 73e8ee1c3e4a43fc7d4f586f63718ddcf7f6d5c332cae9cedc9314a85886e009
Opcode Fuzzy Hash: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction Fuzzy Hash: 90519E73108AE186E796DB64D448BEE3BA4F718384FA68071CBEC83702DBA5C991C700

Function 00007FF8A7B233E0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction ID: 68b3c353370610f829c0f810af7bc75273a2aafbeff44e1e954b7d831ebac9ec
Opcode Fuzzy Hash: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction Fuzzy Hash: C141A0E673D0B263F3354B08A001D2EF7A1EB52BC1B94A210DBA413E94C67AD659EF50

Function 00007FF8A7B44330 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction ID: a3110788c5d456d8911bf434321212693c6c3259c371233dbd7edd9d4699dac3
Opcode Fuzzy Hash: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction Fuzzy Hash: 274170731046648BD301CF2AE980A9AB7E1F398B4CFA5D225DF4257356D739A907C780

Function 00007FF8A7B0B460 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction ID: 47cb1b6241ad56cf92aced333706cb4e5444492aa0ffb8009294f2981a06198d
Opcode Fuzzy Hash: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction Fuzzy Hash: E02150E7F3186A07EB78427DEC16F1404C255B977434CE135E906D6F85F42EEA524A83

Function 00007FF8A7B22D20 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction ID: 7eed5754b1834e89ad7b281dee9995115732208a055216060500222a49c2bc36
Opcode Fuzzy Hash: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction Fuzzy Hash: 1121299B7315F903FB010ABE6D056759982A188BF73499732ECA8E77CDC478DC519290

Function 00007FF8A7B22BF0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction ID: 7a5d0e89ee220409aea0cd3b8462f96d225d0e593cd00c887ba69c6791ff7a16
Opcode Fuzzy Hash: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction Fuzzy Hash: 7F213E9FF656BA03FB1846AF6C412786280E648BF63489732DDDDE77CAD47C890291D0

Function 00007FF8A7B0C1A0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction ID: b91998fd4cdeeed29716ef9bafd7368579d0615a39b5ecc6e429fbab5f7d88ef
Opcode Fuzzy Hash: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction Fuzzy Hash: BA21A4FBF390A553EB794B6DE500F681541A365BF469CE130C90E93E80DA1BDA43AF02

Function 00007FF8A7B0D700 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction ID: ce97230630f65ef6444f3ab4a04bc6edd2cdb0f643c82cd50ca37f9e70b150c4
Opcode Fuzzy Hash: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction Fuzzy Hash: 0A212473B708AA46D7508779E846F956990E3A1B48F98E631E715D3EC0D13EE093D740

Function 00007FF8A7B0D8D0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction ID: 788f61add8dff9441e82555ddc4a0b8df0320484612e0561949615bd80d8c8d0
Opcode Fuzzy Hash: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction Fuzzy Hash: 901160F3B324B20BD7489AB8CC0A3A932C3D3C8746F9CC534E745DAA85D53CE2529604

Function 00007FF8A7B0B790 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction ID: cac79e09ddd8fd7632f097151ef1af369c8e212010f8347631e580e25c5b6476
Opcode Fuzzy Hash: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction Fuzzy Hash: 341161F7F3516A43EB7C055AE826F7905419371BB888CE03DDE0B22F81E81E56425F42

Function 00007FF8A7B0B5C0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction ID: c16f08e3fb59b0405f6cf3a99db5fb7b7b2358d3ae8bc18bc58c4ae78d11a546
Opcode Fuzzy Hash: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction Fuzzy Hash: 9211E5D7F3696A43EB60453DCC027194182D7E97B078CE431EC09D6F49E83DE6429A42

Function 00007FF8A7B0DEF0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction ID: 1b0b6ed8b5fea6e4a2ce83dc01f50c7f373ea30453630d110daaacbe2b80adff
Opcode Fuzzy Hash: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction Fuzzy Hash: F41106F2A050915FEA95CA29D458ABC33D1E784384F85C136DA05A65CCDB2CA943E750

Function 00007FF8A7B0B8D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction ID: 246cf67e7f3d41e87be049dbb13163113bca35ffe714ee74896f8234519bd4a3
Opcode Fuzzy Hash: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction Fuzzy Hash: D1017CE3F3286943DB64867DCC0670400C396F877178CD031A904C6F89F83EE6428A42

Function 00007FF8A7B0B380 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction ID: 14bd2cacf1174b1c4f3da44626b05ac20a3ec18444f4115fae820648a13c1207
Opcode Fuzzy Hash: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction Fuzzy Hash: 43F0B7D7F3685A03EB5C456DDC1631401C391E823238DD13ABA47C6B8AF839EA968643

Function 00007FF8A7B099C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction ID: 6d600232e7ba1f3b57e93d1c8cedb035777c0954ae2486b464820fb4eb59c1fc
Opcode Fuzzy Hash: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction Fuzzy Hash: 37F0AFD9231BB64BF911A69990D07D69721F30CBC6B70A622DE4D27735CA53A10BCA00

Function 00007FF8BFB88C24 Relevance: 54.6, APIs: 3, Strings: 28, Instructions: 352COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB891AF

Strings

long , xrefs: 00007FF8BFB88D31
__w64 , xrefs: 00007FF8BFB88E3A
char, xrefs: 00007FF8BFB88CF2
<unknown>, xrefs: 00007FF8BFB88F1B
UNKNOWN, xrefs: 00007FF8BFB8908D
__int8, xrefs: 00007FF8BFB88E2E
signed , xrefs: 00007FF8BFB8910A
wchar_t, xrefs: 00007FF8BFB890A8
int, xrefs: 00007FF8BFB88CCE
void, xrefs: 00007FF8BFB88D86
double, xrefs: 00007FF8BFB88D48
__int128, xrefs: 00007FF8BFB88EB7
long, xrefs: 00007FF8BFB88CBC
__int32, xrefs: 00007FF8BFB88EDB
__int16, xrefs: 00007FF8BFB88E1C
unsigned , xrefs: 00007FF8BFB890FA
__int64, xrefs: 00007FF8BFB88EC9
volatile, xrefs: 00007FF8BFB88FF8
auto, xrefs: 00007FF8BFB88F3F
bool, xrefs: 00007FF8BFB89056
volatile, xrefs: 00007FF8BFB89025
char16_t, xrefs: 00007FF8BFB89065
char8_t, xrefs: 00007FF8BFB88F2D
float, xrefs: 00007FF8BFB88D74
short, xrefs: 00007FF8BFB88CE0
const, xrefs: 00007FF8BFB88FDD
char32_t, xrefs: 00007FF8BFB890B7
decltype(auto), xrefs: 00007FF8BFB890C6

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
API String ID: 2943138195-1388207849
Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction ID: a3d4887396f8425792d121d257e1f93e13fe2aeb42bf9fec96c1bd4b8e7ecf0c
Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction Fuzzy Hash: 37F17072F1861695FB249BACC8942BC27B1BB857C8F408539DB1D16EAADF3DE644C340

Function 00007FF6AB2425C0 Relevance: 51.0, APIs: 6, Strings: 23, Instructions: 206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB242570: printf.MSPDB140-MSVCRT ref: 00007FF6AB242587

Part of subcall function 00007FF6AB242530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF6AB242617,?,?,?,00007FF6AB241BD6,?,?,?,00007FF6AB241A02), ref: 00007FF6AB242552

puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF6AB241BD6,?,?,?,00007FF6AB241A02), ref: 00007FF6AB2428DF

Strings

video color range, xrefs: 00007FF6AB24274F
video codec, xrefs: 00007FF6AB24267D
video track count, xrefs: 00007FF6AB242601
video colorspace, xrefs: 00007FF6AB242731
Must have at least 1 audio track or 1 video track, xrefs: 00007FF6AB24266A
file name, xrefs: 00007FF6AB2425E1
video color trc, xrefs: 00007FF6AB242713
video fps num, xrefs: 00007FF6AB2427A9
{stream_key}, xrefs: 00007FF6AB242897
muxer settings, xrefs: 00007FF6AB2428BA
video max luminance, xrefs: 00007FF6AB24278B
video codec tag, xrefs: 00007FF6AB2427DE
Invalid number of video tracks, xrefs: 00007FF6AB2428D8
stream key, xrefs: 00007FF6AB242872
Invalid number of audio tracks, xrefs: 00007FF6AB242652
video bitrate, xrefs: 00007FF6AB24269B
video height, xrefs: 00007FF6AB2426D7
video chroma sample location, xrefs: 00007FF6AB24276D
video color primaries, xrefs: 00007FF6AB2426F5
video fps den, xrefs: 00007FF6AB2427C7
video width, xrefs: 00007FF6AB2426B9
audio track count, xrefs: 00007FF6AB24261F
audio codec, xrefs: 00007FF6AB242809

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: atoiprintfputs
String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
API String ID: 3402752964-4246942696
Opcode ID: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction ID: f22a0f30408ad73fd68f0c5a212d9fb638ab521f2bbf1bf1abefd8fd5911fa3f
Opcode Fuzzy Hash: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction Fuzzy Hash: 86812A6992A65691FA24DF52A7145F823A2AF4DBD0F814033DD4DD7EAE9F3CE10AC300

Function 00007FF6AB241C50 Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB241C70
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB241C8E
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB241C9E

Part of subcall function 00007FF6AB242320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6AB2429D8,?,?,?,00007FF6AB2412F1), ref: 00007FF6AB242357

os_event_wait.OBS ref: 00007FF6AB241CEF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF6AB241D0F
memcpy.VCRUNTIME140 ref: 00007FF6AB241D5D
memcpy.VCRUNTIME140 ref: 00007FF6AB241D76
memcpy.VCRUNTIME140 ref: 00007FF6AB241E2D
memcpy.VCRUNTIME140 ref: 00007FF6AB241E48
os_event_signal.OBS ref: 00007FF6AB241EB8
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB24200F

Strings

Error writing to '%s', %s, xrefs: 00007FF6AB241FC3
Error allocating memory for output, xrefs: 00007FF6AB241C97

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocos_event_signalos_event_waitpthread_mutex_lock
String ID: Error allocating memory for output$Error writing to '%s', %s
API String ID: 2637689336-4070097938
Opcode ID: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction ID: 2f43f9cfb68a673457b1b53201413264d53d242516ef53f4107638f4947518ea
Opcode Fuzzy Hash: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction Fuzzy Hash: 4CA17D32A1AB8285E7219F21E6003F97760FB8DB88F440032DE8E87B6DDF78D5459710

Function 00007FF8BFB58C00 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 105COMMON

Download Yara Rule

APIs

av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C44
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C63
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C82
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CA3
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CC4
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CE5
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FF8BFB58CFE
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D15
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FF8BFB58D2A
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D41
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D5C
av_log.AVUTIL-58 ref: 00007FF8BFB58D9C

Strings

isf, xrefs: 00007FF8BFB58CBD
ich, xrefs: 00007FF8BFB58D0B
isr, xrefs: 00007FF8BFB58CDE
Failed to set option, xrefs: 00007FF8BFB58D90
icl, xrefs: 00007FF8BFB58C9C
osr, xrefs: 00007FF8BFB58C7B
uch, xrefs: 00007FF8BFB58D55
ocl, xrefs: 00007FF8BFB58C2B
och, xrefs: 00007FF8BFB58D37
osf, xrefs: 00007FF8BFB58C5C

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_get_channel_layout_nb_channels$av_log
String ID: Failed to set option$ich$icl$isf$isr$och$ocl$osf$osr$uch
API String ID: 2637049493-2814753009
Opcode ID: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction ID: 0e689b8d55b0c7b49d82f27d39ea8c1a0840d56860de8a25cda274833b01f6fe
Opcode Fuzzy Hash: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction Fuzzy Hash: F0413F62B0CA4251FA10ABD9F4906BAB7A1EF997C4F401031DF4D87A99EF3DE405C700

Function 00007FF8A7B10410 Relevance: 36.1, APIs: 24, Instructions: 131COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B1043E
_aligned_free.MSVCRT ref: 00007FF8A7B10475
_aligned_free.MSVCRT ref: 00007FF8A7B104AD
_aligned_free.MSVCRT ref: 00007FF8A7B104DD
_aligned_free.MSVCRT ref: 00007FF8A7B1050D
_aligned_free.MSVCRT ref: 00007FF8A7B10528
_aligned_free.MSVCRT ref: 00007FF8A7B10531
_aligned_free.MSVCRT ref: 00007FF8A7B1053A
_aligned_free.MSVCRT ref: 00007FF8A7B10542
_aligned_free.MSVCRT ref: 00007FF8A7B1054A
_aligned_free.MSVCRT ref: 00007FF8A7B10553
_aligned_free.MSVCRT ref: 00007FF8A7B1055C
_aligned_free.MSVCRT ref: 00007FF8A7B10564
_aligned_free.MSVCRT ref: 00007FF8A7B1056C
_aligned_free.MSVCRT ref: 00007FF8A7B10575
_aligned_free.MSVCRT ref: 00007FF8A7B1057E
_aligned_free.MSVCRT ref: 00007FF8A7B10586
_aligned_free.MSVCRT ref: 00007FF8A7B1058F
_aligned_free.MSVCRT ref: 00007FF8A7B10598
_aligned_free.MSVCRT ref: 00007FF8A7B105A1
_aligned_free.MSVCRT ref: 00007FF8A7B105A9
_aligned_free.MSVCRT ref: 00007FF8A7B105B2
_aligned_free.MSVCRT ref: 00007FF8A7B105BC
_aligned_free.MSVCRT ref: 00007FF8A7B105C6

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction ID: c72b20e3f1c6d5207094638c93dc27dc14583ced7f75bddb583c8e9e6880d3b6
Opcode Fuzzy Hash: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction Fuzzy Hash: D8510DB6B57501A2EB50FE12D8D99BE2725FF84FC4B454539DE0D473A2CE28E402E384

Function 00007FF8BFB5B2B0 Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B314
av_channel_layout_copy.AVUTIL-58 ref: 00007FF8BFB5B32F
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B34F
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B370
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B394
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B3D2
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B3E1
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B3F6
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B413
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B433
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B477

Strings

Failed to set option, xrefs: 00007FF8BFB5B460
isr, xrefs: 00007FF8BFB5B38A
osr, xrefs: 00007FF8BFB5B429
isf, xrefs: 00007FF8BFB5B366
ichl, xrefs: 00007FF8BFB5B345
ochl, xrefs: 00007FF8BFB5B3EC
osf, xrefs: 00007FF8BFB5B409

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_chlayout$av_channel_layout_copy
String ID: Failed to set option$ichl$isf$isr$ochl$osf$osr
API String ID: 389780152-1201144049
Opcode ID: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction ID: f5a66effd7f69c02099ef65bc504f482e5f802d6e7f70058ce57615fc64b7b69
Opcode Fuzzy Hash: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction Fuzzy Hash: 93417C61B08643A1FE659AA9A4607B6B391FF45BC8F809432DF0D6B685EF7DF108C350

Function 00007FF8A7B38800 Relevance: 34.6, APIs: 12, Strings: 11, Instructions: 88stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B38813
strcmp.MSVCRT ref: 00007FF8A7B3882A
strcmp.MSVCRT ref: 00007FF8A7B38841
strcmp.MSVCRT ref: 00007FF8A7B38858
strcmp.MSVCRT ref: 00007FF8A7B3886F
strcmp.MSVCRT ref: 00007FF8A7B38886
strcmp.MSVCRT ref: 00007FF8A7B3889D
strcmp.MSVCRT ref: 00007FF8A7B388B4
strcmp.MSVCRT ref: 00007FF8A7B388CB
strcmp.MSVCRT ref: 00007FF8A7B388DE
strcmp.MSVCRT ref: 00007FF8A7B388F1
strcmp.MSVCRT ref: 00007FF8A7B38904

Strings

s64, xrefs: 00007FF8A7B388EA
s64p, xrefs: 00007FF8A7B388FD
dblp, xrefs: 00007FF8A7B388D7
flt, xrefs: 00007FF8A7B38851
s32p, xrefs: 00007FF8A7B388AD
s16, xrefs: 00007FF8A7B38823
u8p, xrefs: 00007FF8A7B3887F
fltp, xrefs: 00007FF8A7B388C4
s32, xrefs: 00007FF8A7B3883A
s16p, xrefs: 00007FF8A7B38896
dbl, xrefs: 00007FF8A7B38868

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: dbl$dblp$flt$fltp$s16$s16p$s32$s32p$s64$s64p$u8p
API String ID: 1004003707-1774405992
Opcode ID: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction ID: cc0faa8b3bbedaa0d19191acd8e5a289e162cd4e971feb6701e161a2f9797368
Opcode Fuzzy Hash: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction Fuzzy Hash: 5231ADB4B0E003A0FE50AF22D96527E1241EF817C4F805532DD4DCA5D6ED5CFA82E322

Function 00007FF8BFB57650 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 309COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FF8BFB57784
av_freep.AVUTIL-58 ref: 00007FF8BFB57791
av_mallocz.AVUTIL-58 ref: 00007FF8BFB5779B
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB577BB
av_calloc.AVUTIL-58 ref: 00007FF8BFB5782F
memcpy.MSVCRT ref: 00007FF8BFB578D1
memcpy.MSVCRT ref: 00007FF8BFB57905
av_reduce.AVUTIL-58 ref: 00007FF8BFB57934

Strings

Unsupported sample format, xrefs: 00007FF8BFB57AF0
Filter length too large, xrefs: 00007FF8BFB579E2
src/libswresample/resample.c, xrefs: 00007FF8BFB57B03
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB57B1A

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freepmemcpy$av_callocav_get_bytes_per_sampleav_malloczav_reduce
String ID: Assertion %s failed at %s:%d$Filter length too large$Unsupported sample format$src/libswresample/resample.c
API String ID: 2174235161-2726094951
Opcode ID: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction ID: e0dd103ba28cb486cd3c03c71b6880c8b0ca7b84325065ce94b7f3b558fed5f1
Opcode Fuzzy Hash: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction Fuzzy Hash: CDD1E372A08A858AD765DBA8E4513BEB7A4FB857C4F108337DB4A67690DF3CE445CB00

Function 00007FF8A7B16890 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 201COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B16903
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B16945
GetFullPathNameW.KERNEL32 ref: 00007FF8A7B1696E
GetFullPathNameW.KERNEL32 ref: 00007FF8A7B169A2
wcslen.MSVCRT ref: 00007FF8A7B169C1
_wsopen.MSVCRT ref: 00007FF8A7B169EB
_sopen.MSVCRT ref: 00007FF8A7B16A15
wcslen.MSVCRT ref: 00007FF8A7B16A98
wcscpy.MSVCRT ref: 00007FF8A7B16AE5
wcscat.MSVCRT ref: 00007FF8A7B16AF0
_errno.MSVCRT ref: 00007FF8A7B16B77
wcscpy.MSVCRT ref: 00007FF8A7B16BB8
wcscat.MSVCRT ref: 00007FF8A7B16BC4
_errno.MSVCRT ref: 00007FF8A7B16BCE
_errno.MSVCRT ref: 00007FF8A7B16BE3

Strings

\\?\UNC\, xrefs: 00007FF8A7B16BAE
\\?\, xrefs: 00007FF8A7B16ADB

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$ByteCharFullMultiNamePathWidewcscatwcscpywcslen$_sopen_wsopen
String ID: \\?\$\\?\UNC\
API String ID: 2611099503-3019864461
Opcode ID: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction ID: 80f469feea91d20e633d7779ee84e59c054702f5b50bd7bc98b581f887f69223
Opcode Fuzzy Hash: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction Fuzzy Hash: BD719FB1A1A642A0EB64AF12A42577E26D0FF847D8F849135EF5E077D4EE7CE442E304

Function 00007FF8A7B1E100 Relevance: 30.1, APIs: 2, Strings: 15, Instructions: 302stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7B1E144
strtol.MSVCRT ref: 00007FF8A7B1E178

Strings

Using CUDA primary device context, xrefs: 00007FF8A7B1E430
cu->cuInit(0), xrefs: 00007FF8A7B1E1A7, 00007FF8A7B1E555
cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags), xrefs: 00007FF8A7B1E4CB, 00007FF8A7B1E514
cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device), xrefs: 00007FF8A7B1E258, 00007FF8A7B1E59C
Could not dynamically load CUDA, xrefs: 00007FF8A7B1E48E
Primary context already active with incompatible flags., xrefs: 00007FF8A7B1E520
-> %s: %s, xrefs: 00007FF8A7B1E3ED, 00007FF8A7B1E610
primary_ctx, xrefs: 00007FF8A7B1E127
cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device), xrefs: 00007FF8A7B1E366, 00007FF8A7B1E3AF
Disabling use of CUDA primary device context, xrefs: 00007FF8A7B1E151
%s failed, xrefs: 00007FF8A7B1E3C0, 00007FF8A7B1E5E3
cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active), xrefs: 00007FF8A7B1E308, 00007FF8A7B1E5BC
cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx), xrefs: 00007FF8A7B1E1EA, 00007FF8A7B1E57C
cu->cuCtxPopCurrent(&dummy), xrefs: 00007FF8A7B1E295, 00007FF8A7B1E5DC
Calling %s, xrefs: 00007FF8A7B1E1AE, 00007FF8A7B1E1F1, 00007FF8A7B1E25F, 00007FF8A7B1E29C, 00007FF8A7B1E30F, 00007FF8A7B1E36D, 00007FF8A7B1E4D2

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: -> %s: %s$%s failed$Calling %s$Could not dynamically load CUDA$Disabling use of CUDA primary device context$Primary context already active with incompatible flags.$Using CUDA primary device context$cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device)$cu->cuCtxPopCurrent(&dummy)$cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx)$cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active)$cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device)$cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags)$cu->cuInit(0)$primary_ctx
API String ID: 76114499-3193254869
Opcode ID: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction ID: 92df5e42dd7e115d68351d20bfe477caf42ea2ed88dd3af06fe728afde66227e
Opcode Fuzzy Hash: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction Fuzzy Hash: 8FD16EB660AA42A6EA54DF21E4106BE6361FF887C8F808472DF0E57794DF3DE506E340

Function 00007FF8A7B08700 Relevance: 28.9, APIs: 12, Strings: 7, Instructions: 414stringCOMMON

Download Yara Rule

APIs

strchr.MSVCRT ref: 00007FF8A7B087CB

Strings

'\'', xrefs: 00007FF8A7B088BB
>, xrefs: 00007FF8A7B08753
<, xrefs: 00007FF8A7B08742
', xrefs: 00007FF8A7B08C16
&, xrefs: 00007FF8A7B08926, 00007FF8A7B08C88, 00007FF8A7B08CA0
", xrefs: 00007FF8A7B08771, 00007FF8A7B08DC8
, xrefs: 00007FF8A7B089A7, 00007FF8A7B089C5, 00007FF8A7B08AB7, 00007FF8A7B08AD6

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strchr
String ID: $&$'$>$<$"$'\''
API String ID: 2830005266-2908976646
Opcode ID: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction ID: 10e9bcfeeac2e48a5adc904b6af0907123823ca7f62d9dfdae29dbac601daaa3
Opcode Fuzzy Hash: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction Fuzzy Hash: 80E1C1B0F0F69224FE64AE1254553BE1792EF42BC9F444035DE0D2ABC6CD2EBA43A341

Function 00007FF8A7B10BA0 Relevance: 28.6, APIs: 19, Instructions: 115COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B10BD6
_aligned_free.MSVCRT ref: 00007FF8A7B10C0D
_aligned_free.MSVCRT ref: 00007FF8A7B10C3D
_aligned_free.MSVCRT ref: 00007FF8A7B10C6D
_aligned_free.MSVCRT ref: 00007FF8A7B10C89
_aligned_free.MSVCRT ref: 00007FF8A7B10C92
_aligned_free.MSVCRT ref: 00007FF8A7B10C9B
_aligned_free.MSVCRT ref: 00007FF8A7B10CA3
_aligned_free.MSVCRT ref: 00007FF8A7B10CAB
_aligned_free.MSVCRT ref: 00007FF8A7B10CB4
_aligned_free.MSVCRT ref: 00007FF8A7B10CBD
_aligned_free.MSVCRT ref: 00007FF8A7B10CC5
_aligned_free.MSVCRT ref: 00007FF8A7B10CCE
_aligned_free.MSVCRT ref: 00007FF8A7B10CD7
_aligned_free.MSVCRT ref: 00007FF8A7B10CE0
_aligned_free.MSVCRT ref: 00007FF8A7B10CE8
_aligned_free.MSVCRT ref: 00007FF8A7B10CF1
_aligned_free.MSVCRT ref: 00007FF8A7B10CFB
_aligned_free.MSVCRT ref: 00007FF8A7B10D05

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction ID: 48be2418e7fa8c49e199fa789fd6f8f1074effe7c3036e206f457e850f9f7d4f
Opcode Fuzzy Hash: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction Fuzzy Hash: F9413DB6B1B501A2EB40FE12D89997E2715FF84FC4B424579DE0D473A1CE38E442E784

Function 00007FF8BFB8C3C8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 288COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C566
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C577
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C5DA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C5EA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C636
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C648
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C83B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C84A

Strings

`anonymous namespace', xrefs: 00007FF8BFB8C71B

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: `anonymous namespace'
API String ID: 2943138195-3062148218
Opcode ID: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
Instruction ID: dde3d7a2b8de9ab356e5bc7fb4413c5e16eedcbb21dd9f617ad8e7eb71174fef
Opcode Fuzzy Hash: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
Instruction Fuzzy Hash: AFE170B2A08B8695EB10DFA8E8811ED7BA0FB957C8F548035EB4D17B96DF38D554C700

Function 00007FF8A7B16650 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B16890: MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B16903
Part of subcall function 00007FF8A7B16890: MultiByteToWideChar.KERNEL32 ref: 00007FF8A7B16945
Part of subcall function 00007FF8A7B16890: GetFullPathNameW.KERNEL32 ref: 00007FF8A7B1696E
Part of subcall function 00007FF8A7B16890: GetFullPathNameW.KERNEL32 ref: 00007FF8A7B169A2
Part of subcall function 00007FF8A7B16890: wcslen.MSVCRT ref: 00007FF8A7B169C1
Part of subcall function 00007FF8A7B16890: _wsopen.MSVCRT ref: 00007FF8A7B169EB
Part of subcall function 00007FF8A7B16890: _sopen.MSVCRT ref: 00007FF8A7B16A15

_fstat64.MSVCRT ref: 00007FF8A7B166AE
_close.MSVCRT ref: 00007FF8A7B166D7
_get_osfhandle.MSVCRT ref: 00007FF8A7B166F3
CreateFileMappingA.KERNEL32 ref: 00007FF8A7B16718
MapViewOfFile.KERNEL32 ref: 00007FF8A7B16741
CloseHandle.KERNEL32 ref: 00007FF8A7B1674D
_errno.MSVCRT ref: 00007FF8A7B16768
_errno.MSVCRT ref: 00007FF8A7B167B0
_close.MSVCRT ref: 00007FF8A7B167F1

Strings

Error occurred in fstat(): %s, xrefs: 00007FF8A7B167DD
Error occurred in MapViewOfFile(), xrefs: 00007FF8A7B16831
Error occurred in CreateFileMapping(), xrefs: 00007FF8A7B16800
Cannot read file '%s': %s, xrefs: 00007FF8A7B1679A

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ByteCharFileFullMultiNamePathWide_close_errno$CloseCreateHandleMappingView_fstat64_get_osfhandle_sopen_wsopenwcslen
String ID: Cannot read file '%s': %s$Error occurred in CreateFileMapping()$Error occurred in MapViewOfFile()$Error occurred in fstat(): %s
API String ID: 741575255-3109280323
Opcode ID: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction ID: 9dc0e65b66b64790431200fa90e5ca5de152e15dbabb7c622f8d6033bb5a40cb
Opcode Fuzzy Hash: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction Fuzzy Hash: C74161B1A0AB86A2F7549F11E4147AE62A4FF887C8F448535DE8E47B94DF3CD406E740

Function 00007FF6AB241A40 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 87stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6AB241A6D

Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24204A
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242065
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242080
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24209B
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB2420B6

avformat_network_init.AVFORMAT-60 ref: 00007FF6AB241A85
av_guess_format.AVFORMAT-60 ref: 00007FF6AB241AAF
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB241ABC
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB241AD0
avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF6AB241AEC
av_strerror.AVUTIL-58 ref: 00007FF6AB241B19
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB241B23
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB241B38

Part of subcall function 00007FF6AB242910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6AB241B4C), ref: 00007FF6AB242939

Part of subcall function 00007FF6AB242370: avcodec_free_context.AVCODEC-60 ref: 00007FF6AB242388
Part of subcall function 00007FF6AB242370: av_free.AVUTIL-58 ref: 00007FF6AB2423B1
Part of subcall function 00007FF6AB242370: avio_context_free.AVFORMAT-60 ref: 00007FF6AB2423BD
Part of subcall function 00007FF6AB242370: avformat_free_context.AVFORMAT-60 ref: 00007FF6AB2423CC
Part of subcall function 00007FF6AB242370: avcodec_free_context.AVCODEC-60 ref: 00007FF6AB242402
Part of subcall function 00007FF6AB242370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB242415

Strings

video/M2PT, xrefs: 00007FF6AB241A9C
Couldn't find an appropriate muxer for '%s', xrefs: 00007FF6AB241AC6
http, xrefs: 00007FF6AB241A5C
mpegts, xrefs: 00007FF6AB241A92
Couldn't initialize output context: %s, xrefs: 00007FF6AB241B31

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
API String ID: 3777911973-2524251934
Opcode ID: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction ID: 94a90a9cdebf78f2ffec0c9ccae1a2b034c91983a5f2bdd52f7897e022cea122
Opcode Fuzzy Hash: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction Fuzzy Hash: 5F31E721E5EA8242FB209B25A6112BA7750AF8DB94F505237ED5DC7EFDEF2CE4448700

Function 00007FF8BFB5B4A0 Relevance: 24.2, APIs: 16, Instructions: 234COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B5AA
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB5B5B6
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B606
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B615
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB5B621
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B649

Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B314
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B34F
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B370
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B394
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B3D2
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B3E1
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B3F6
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B413
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B433
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B477

Part of subcall function 00007FF8BFB65F8E: av_log.AVUTIL-58 ref: 00007FF8BFB65FC9

av_frame_get_buffer.AVUTIL-58 ref: 00007FF8BFB5B706
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB5B74B
av_sample_fmt_is_planar.AVUTIL-58 ref: 00007FF8BFB5B763

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_int$av_channel_layout_compareav_opt_set_chlayout$av_frame_get_bufferav_get_bytes_per_sampleav_logav_sample_fmt_is_planar
String ID:
API String ID: 1741793059-0
Opcode ID: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction ID: 71b595b2e284fa34c75912097706aa9c33bd1ed9d1a68dcca8679db0e8838c6e
Opcode Fuzzy Hash: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction Fuzzy Hash: DD916E22B0824686FA699EBDA46177AB7D5BF40BC4F448431DF0A9B696EF3DF4018700

Function 00007FF8BFB8A83C Relevance: 22.9, APIs: 15, Instructions: 358COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A88D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A969
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A9B2
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A9C3

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction ID: c7c05f362f43044eb9b904760e8aada016086ddeab4c1e12e35c09589849d93a
Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction Fuzzy Hash: F0F17E76B08682AAE710DFA8D4901FC77B5EB8478CB448136EB4D67A9ADF38D519C340

Function 00007FF8BFB8D20C Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 349COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8D712

Strings

`generic-method-parameter-, xrefs: 00007FF8BFB8D6B7
nullptr, xrefs: 00007FF8BFB8D3FA
`generic-class-parameter-, xrefs: 00007FF8BFB8D6C7
NULL, xrefs: 00007FF8BFB8D2D7
`template-type-parameter-, xrefs: 00007FF8BFB8D6D0

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
API String ID: 2943138195-2309034085
Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction ID: 0b22f75e484b1d7b71b28f3155ea2b8771ac3c3b6fcc9244c0b640348df37b54
Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction Fuzzy Hash: 9FE14F62E0865294FB15ABECD9951FC27A1AF897C8F544137CF0D27A9BDE3CA904C360

Function 00007FF8A7B2EA60 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 176stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B2EAAA
strchr.MSVCRT ref: 00007FF8A7B2EAE4
strlen.MSVCRT ref: 00007FF8A7B2EB01
strtoul.MSVCRT ref: 00007FF8A7B2EB65

Strings

Invalid 0xRRGGBB[AA] color string: '%s', xrefs: 00007FF8A7B2ED09
Cannot find color '%s', xrefs: 00007FF8A7B2ED2A
bikeshed, xrefs: 00007FF8A7B2EB20
random, xrefs: 00007FF8A7B2EB0A
0123456789ABCDEFabcdef, xrefs: 00007FF8A7B2EC1C
Invalid alpha value specifier '%s' in '%s', xrefs: 00007FF8A7B2ECF0

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrtoul
String ID: 0123456789ABCDEFabcdef$Cannot find color '%s'$Invalid 0xRRGGBB[AA] color string: '%s'$Invalid alpha value specifier '%s' in '%s'$bikeshed$random
API String ID: 643661298-1323625105
Opcode ID: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction ID: 4ddb11fecafb4880e5b581e67483c7137810963dce58d6801fc976e63ab3d179
Opcode Fuzzy Hash: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction Fuzzy Hash: C37129B2A1F68264FB519F22941937D6698EF817C0F888231ED4E477D6DE2CE443E380

Function 00007FF6AB2414B0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

APIs

avcodec_descriptor_get_by_name.AVCODEC-60 ref: 00007FF6AB2414C9
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB2414D9
av_memdup.AVUTIL-58 ref: 00007FF6AB24152F
avcodec_alloc_context3.AVCODEC-60 ref: 00007FF6AB241539
av_content_light_metadata_alloc.AVUTIL-58 ref: 00007FF6AB241610
av_stream_add_side_data.AVFORMAT-60 ref: 00007FF6AB24162B
av_mastering_display_metadata_alloc.AVUTIL-58 ref: 00007FF6AB241630

Strings

E, xrefs: 00007FF6AB24168B
Couldn't find codec '%s', xrefs: 00007FF6AB2414E2
2, xrefs: 00007FF6AB2416C5

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_funcav_content_light_metadata_allocav_mastering_display_metadata_allocav_memdupav_stream_add_side_dataavcodec_alloc_context3avcodec_descriptor_get_by_name
String ID: 2$Couldn't find codec '%s'$E
API String ID: 3726879996-2734579634
Opcode ID: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
Instruction ID: ab1308cfff98fecfe261b4c9de6d7e4c0d0bb58dd542de5195e3ae776ab80e58
Opcode Fuzzy Hash: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
Instruction Fuzzy Hash: B881D3766097848BD754CF25E64036DBBB0F789B88F10412AEB8C87B69DF7AD854CB00

Function 00007FF6AB241250 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 144COMMON

Download Yara Rule

APIs

avcodec_descriptor_get_by_name.AVCODEC-60 ref: 00007FF6AB24126F
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB24127F
avcodec_find_encoder.AVCODEC-60 ref: 00007FF6AB2412A9
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6AB2412B9

Strings

Couldn't find codec '%s', xrefs: 00007FF6AB2412C2
title, xrefs: 00007FF6AB24131D
Couldn't find codec descriptor '%s', xrefs: 00007FF6AB241288

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func$avcodec_descriptor_get_by_nameavcodec_find_encoder
String ID: Couldn't find codec '%s'$Couldn't find codec descriptor '%s'$title
API String ID: 3715327632-3279048111
Opcode ID: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
Instruction ID: 718f7b1fdf23b7e97024645fc576daf05f0bb513fe7969abc52e4cdfea7a78f0
Opcode Fuzzy Hash: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
Instruction Fuzzy Hash: 6D616B72606B8586DB14CF16E6903B97BA0FB88B99F054036DF4E87BA8DF38E055C700

Function 00007FF8A7B43CB0 Relevance: 21.1, APIs: 14, Instructions: 123COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B43D1B
_aligned_free.MSVCRT ref: 00007FF8A7B43D23

Part of subcall function 00007FF8A7B43CB0: _aligned_free.MSVCRT ref: 00007FF8A7B43CF9

_aligned_free.MSVCRT ref: 00007FF8A7B43D4D
_aligned_free.MSVCRT ref: 00007FF8A7B43D6F
_aligned_free.MSVCRT ref: 00007FF8A7B43D77
_aligned_free.MSVCRT ref: 00007FF8A7B43D7F
_aligned_free.MSVCRT ref: 00007FF8A7B43DB7
_aligned_free.MSVCRT ref: 00007FF8A7B43DD9
_aligned_free.MSVCRT ref: 00007FF8A7B43DE1
_aligned_free.MSVCRT ref: 00007FF8A7B43E0B
_aligned_free.MSVCRT ref: 00007FF8A7B43E2D
_aligned_free.MSVCRT ref: 00007FF8A7B43E35
_aligned_free.MSVCRT ref: 00007FF8A7B43E3D

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction ID: bbb25a83ac8b211fc6b567f65bd30147393985d1684d4a5bcfbb5684cb6726b7
Opcode Fuzzy Hash: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction Fuzzy Hash: FB412AA1B2B56260EA15FE12D45647E1758EF81FC0B4A8835DE1D5B3D3CE3CE486A3C4

Function 00007FF6AB2417A0 Relevance: 19.6, APIs: 13, Instructions: 72COMMON

Download Yara Rule

APIs

av_write_trailer.AVFORMAT-60 ref: 00007FF6AB2417B5
pthread_mutex_lock.W32-PTHREADS ref: 00007FF6AB2417DE
os_event_signal.OBS ref: 00007FF6AB2417EA
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF6AB2417F6
pthread_join.W32-PTHREADS ref: 00007FF6AB24180E
os_event_destroy.OBS ref: 00007FF6AB24181A
os_event_destroy.OBS ref: 00007FF6AB241826
pthread_mutex_destroy.W32-PTHREADS ref: 00007FF6AB241832
bfree.OBS ref: 00007FF6AB24183E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2418A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB2418BA
bfree.OBS ref: 00007FF6AB2418C4
av_packet_free.AVCODEC-60 ref: 00007FF6AB2418E5

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: bfreefreeos_event_destroy$av_packet_freeav_write_traileros_event_signalpthread_joinpthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock
String ID:
API String ID: 3736584056-0
Opcode ID: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
Instruction ID: 81ffd75f6140fc68594a9ec6c335f49b8cc0ede83eb1444a6a7302e0930e412f
Opcode Fuzzy Hash: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
Instruction Fuzzy Hash: 4E311C22A2AA8281E751DF31C5613F83760FF99B48F484532DE4E8A9AEDF3895858351

Function 00007FF8BFB82CE4 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 309COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF8BFB82D40

Part of subcall function 00007FF8BFB85010: _GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF8BFB85045
Part of subcall function 00007FF8BFB85010: __GetUnwindTryBlock.LIBCMT ref: 00007FF8BFB85053
Part of subcall function 00007FF8BFB85010: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF8BFB85078

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8BFB82E18
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82E25
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF8BFB83060
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8308E
_GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF8BFB830CC

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83154
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8BFB83189

Strings

csm, xrefs: 00007FF8BFB82D5A
csm, xrefs: 00007FF8BFB82DC1
csm, xrefs: 00007FF8BFB82E3D

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3436797354-393685449
Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction ID: 86a37aeaf06eb04e483cf3f8d3469abdb3fc568c131735268a09658bf7ad04cb
Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction Fuzzy Hash: 2BD16036A087418AEB609FA9D4802AD7BA1FB85BD8F144135EF8D57B5ADF38E494C700

Function 00007FF8BFB57400 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

av_calloc.AVUTIL-58 ref: 00007FF8BFB57470
memcpy.MSVCRT ref: 00007FF8BFB574F2
memcpy.MSVCRT ref: 00007FF8BFB5751E
av_freep.AVUTIL-58(?,?), ref: 00007FF8BFB575A9

Strings

src/libswresample/resample.c, xrefs: 00007FF8BFB5760B
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB57622
!c->frac && !c->dst_incr_mod, xrefs: 00007FF8BFB57612

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$av_callocav_freep
String ID: !c->frac && !c->dst_incr_mod$Assertion %s failed at %s:%d$src/libswresample/resample.c
API String ID: 1182148616-608564573
Opcode ID: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction ID: 9cd4781f33bf87c42924a952460eea35e35c2782d53753ebc21ca507654105f6
Opcode Fuzzy Hash: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction Fuzzy Hash: BC6172B2A087068BD758CF7DD59157DB7A5EB44B98B204136EB0D87798DB3CE441CB80

Function 00007FF8A7B0AE10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 151stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B0AE26
memcmp.MSVCRT ref: 00007FF8A7B0AEA5

Strings

mono, xrefs: 00007FF8A7B0AE70

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcmpstrlen
String ID: mono
API String ID: 3108337309-2381334079
Opcode ID: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction ID: f0a79c8c70ae46ab1b56128eda222e055d93423d47f1508738f156096789c549
Opcode Fuzzy Hash: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction Fuzzy Hash: 7B5183F1B0B543AAFE659F1594502BE6790EB45BC4F594832DE0EA7784DE3CE447A300

Function 00007FF8BFB58F70 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FF8BFB5909C
av_log.AVUTIL-58 ref: 00007FF8BFB59187
abort.MSVCRT ref: 00007FF8BFB5918C
av_log.AVUTIL-58 ref: 00007FF8BFB591B5
abort.MSVCRT ref: 00007FF8BFB591BA

Strings

a->ch_count, xrefs: 00007FF8BFB59168
a->bps, xrefs: 00007FF8BFB59198
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB59178, 00007FF8BFB591AE
src/libswresample/swresample.c, xrefs: 00007FF8BFB59161, 00007FF8BFB59191

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log$av_freep
String ID: Assertion %s failed at %s:%d$a->bps$a->ch_count$src/libswresample/swresample.c
API String ID: 2329147549-2798989596
Opcode ID: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction ID: 3912c6949bd3892ae2d3b167be24ca124e2f635c2228e23530c43ed2c7041db4
Opcode Fuzzy Hash: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction Fuzzy Hash: 91510072B0968295EB308FADA898BF97360EF547C8F044235DF1D4AA95DF3CE505C600

Function 00007FF8A7B0F360 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 170stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B278F0: strlen.MSVCRT ref: 00007FF8A7B278FF
Part of subcall function 00007FF8A7B278F0: _aligned_realloc.MSVCRT ref: 00007FF8A7B2791F
Part of subcall function 00007FF8A7B278F0: memcpy.MSVCRT ref: 00007FF8A7B27936

_aligned_free.MSVCRT ref: 00007FF8A7B0F410
_aligned_free.MSVCRT ref: 00007FF8A7B0F418
_aligned_free.MSVCRT ref: 00007FF8A7B0F49B
_aligned_free.MSVCRT ref: 00007FF8A7B0F4A5
_aligned_free.MSVCRT ref: 00007FF8A7B0F51E
_aligned_free.MSVCRT ref: 00007FF8A7B0F528
strlen.MSVCRT ref: 00007FF8A7B0F5C0
strlen.MSVCRT ref: 00007FF8A7B0F5CB
memcpy.MSVCRT ref: 00007FF8A7B0F5F9

Strings

%lld, xrefs: 00007FF8A7B0F386

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlen$memcpy$_aligned_realloc
String ID: %lld
API String ID: 3853940031-1962030014
Opcode ID: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction ID: 0d470ea42bcb471f931457dcf5c7802897b89b799e14e4d6539db1772f58cb3a
Opcode Fuzzy Hash: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction Fuzzy Hash: A361CAB2B0BA4264EA20EE12A51067E6290FF88BD4F444535EF4E57795EF3CE543E380

Function 00007FF8A7BBAF60 Relevance: 16.7, APIs: 11, Instructions: 159sleepCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32 ref: 00007FF8A7BBAFE2
Sleep.KERNEL32 ref: 00007FF8A7BBAFF7

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleep
String ID:
API String ID: 3100162736-0
Opcode ID: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction ID: e0aaab4c9e368373482a5f559e9032801a1de348d282e4e92e9d313881d91f1e
Opcode Fuzzy Hash: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction Fuzzy Hash: 1B518EB2A0A602D6E7658F11A848BBF3295EB857E4F414335DF2A467D4DF3CA446E300

Function 00007FF8BFB59B80 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 426COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB58F70: av_freep.AVUTIL-58 ref: 00007FF8BFB5909C

av_log.AVUTIL-58 ref: 00007FF8BFB5A2CE
abort.MSVCRT ref: 00007FF8BFB5A2D3

Strings

?, xrefs: 00007FF8BFB59ED2
s->in.planar, xrefs: 00007FF8BFB5A321
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5A2C3
s->midbuf.ch_count == s->out.ch_count, xrefs: 00007FF8BFB5A2E7
src/libswresample/swresample.c, xrefs: 00007FF8BFB5A2A8, 00007FF8BFB5A2D8, 00007FF8BFB5A2F5, 00007FF8BFB5A312
s->dither.noise.ch_count == preout->ch_count, xrefs: 00007FF8BFB5A304
s->midbuf.ch_count == s->used_ch_layout.nb_channels, xrefs: 00007FF8BFB5A2B7

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freepav_log
String ID: ?$Assertion %s failed at %s:%d$s->dither.noise.ch_count == preout->ch_count$s->in.planar$s->midbuf.ch_count == s->out.ch_count$s->midbuf.ch_count == s->used_ch_layout.nb_channels$src/libswresample/swresample.c
API String ID: 3736396223-3190629393
Opcode ID: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction ID: 537e43ed3cddf1cb8e176ae39bd36429b02257f097ab387260e42451b7cd357a
Opcode Fuzzy Hash: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction Fuzzy Hash: 1E02E072A0869686E7209FAA94607BAB7A5FB45BC8F580036DF4D5B788DF3CF444C710

Function 00007FF8BFB8E350 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 196COMMON

Download Yara Rule

Strings

`template-parameter-, xrefs: 00007FF8BFB8E44A
generic-type-, xrefs: 00007FF8BFB8E45E
template-parameter-, xrefs: 00007FF8BFB8E417
`generic-type-, xrefs: 00007FF8BFB8E491

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
API String ID: 0-3207858774
Opcode ID: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction ID: 3eda163644d6c9d6704849bba501ec1a87a5471fbedaa3212919024432804a1b
Opcode Fuzzy Hash: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction Fuzzy Hash: F1916B22A08A4699FB11DBE9D4502FC37A1AB95BC8F88813ADB4D037A6DF3CE505C740

Function 00007FF8A7BA9990 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BA9AF8

Strings

-, xrefs: 00007FF8A7BA9A98

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -
API String ID: 2918714741-2547889144
Opcode ID: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction ID: e927e6fa15d32b7607859ea6423d10bf55dc168a74224cb9e0bf4dc290cd21da
Opcode Fuzzy Hash: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction Fuzzy Hash: FE51E1B2E0F2566BFB64AE25985437D2681EF417EAF850531ED6E0A2C1DD3CE842F300

Function 00007FF8A7BA9BF0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BA9D38

Strings

ambisonic , xrefs: 00007FF8A7BA9BF9
-, xrefs: 00007FF8A7BA9CFA

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -$ambisonic
API String ID: 2918714741-2876420257
Opcode ID: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction ID: dfa386ff6428006df73972b9ba21f4654fc1d161b53fb356985c526fdf2befc9
Opcode Fuzzy Hash: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction Fuzzy Hash: EA4105F2E0A5526BFB606E2558593BD25C1EF417E6F454931DE6A4A2C0ED3CE883F700

Function 00007FF8BFB8A13C Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A198

Part of subcall function 00007FF8BFB8722C: DName::operator+=.LIBVCRUNTIME ref: 00007FF8BFB87247

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A2C5

Strings

enum , xrefs: 00007FF8BFB8A287
`unknown ecsu', xrefs: 00007FF8BFB8A164
struct , xrefs: 00007FF8BFB8A2E9
coclass , xrefs: 00007FF8BFB8A27E
union , xrefs: 00007FF8BFB8A2F2
cointerface , xrefs: 00007FF8BFB8A26C
class , xrefs: 00007FF8BFB8A2DA

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
API String ID: 179159573-1464470183
Opcode ID: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction ID: 57412be7b3d0433f7e5144368553e0a347e99db1b0a9cdd8ac94c1dc0354bfd9
Opcode Fuzzy Hash: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction Fuzzy Hash: AF516B71F18A16A9FB24DBA8E8805FC77B5BB543C4F504239EF0D12A5ADF29E541C700

Function 00007FF8A7B2D3D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 110stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B05FB0: strlen.MSVCRT ref: 00007FF8A7B05FC9

strspn.MSVCRT ref: 00007FF8A7B2D44B
_aligned_free.MSVCRT ref: 00007FF8A7B2D4BB
_aligned_free.MSVCRT ref: 00007FF8A7B2D4C3
_aligned_free.MSVCRT ref: 00007FF8A7B2D544
_aligned_free.MSVCRT ref: 00007FF8A7B2D54C
_aligned_free.MSVCRT ref: 00007FF8A7B2D57A

Strings

Key '%s' not found., xrefs: 00007FF8A7B2D525
Missing key or no key/value separator found after key '%s', xrefs: 00007FF8A7B2D55B
Setting entry with key '%s' to value '%s', xrefs: 00007FF8A7B2D40E

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID: Key '%s' not found.$Missing key or no key/value separator found after key '%s'$Setting entry with key '%s' to value '%s'
API String ID: 1832283230-2858522012
Opcode ID: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction ID: 7381860da65470c3b0278bed0198c9588577dd3d5065f159ccdf6c46db6a2a57
Opcode Fuzzy Hash: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction Fuzzy Hash: 8E4192F1A0B68160FB619E12A8006BE5650EF85BC4F948435EE4E077A6CD3CE587E380

Function 00007FF8A7B29900 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 317stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B299A4

Strings

(default , xrefs: 00007FF8A7B29D46
%s, xrefs: 00007FF8A7B29B9A
%s%-17s , xrefs: 00007FF8A7B29A3D
%-15s , xrefs: 00007FF8A7B299B0
%-12s , xrefs: 00007FF8A7B29A5D
%c%c%c%c%c%c%c%c%c%c%c, xrefs: 00007FF8A7B29B55
I, xrefs: 00007FF8A7B29D30
to , xrefs: 00007FF8A7B29C59
(from , xrefs: 00007FF8A7B29C1B

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $ %s%-17s $ %s$ (default $ (from $ I$ to $%-12s $%c%c%c%c%c%c%c%c%c%c%c
API String ID: 1004003707-1704579004
Opcode ID: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction ID: 1c5a5bc8c59c4f5caf0de119c5ee023e38baf6eec751ded9552362e2b1756d63
Opcode Fuzzy Hash: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction Fuzzy Hash: EEC1E0B2B0BA42AAEB149F21E4407BE2361FB847D5F948135DA0D57B95DF3CE442E780

Function 00007FF8A7B0F640 Relevance: 15.2, APIs: 10, Instructions: 244stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B05FB0: strlen.MSVCRT ref: 00007FF8A7B05FC9

strspn.MSVCRT ref: 00007FF8A7B0F71E
_aligned_free.MSVCRT ref: 00007FF8A7B0F7E5
_aligned_free.MSVCRT ref: 00007FF8A7B0F7ED

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID:
API String ID: 1832283230-0
Opcode ID: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction ID: b0e1263dd73eb1cdaf880d314e29d2a698dccd7b908ca20ba8307c1c2558ea38
Opcode Fuzzy Hash: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction Fuzzy Hash: D9A14EB2A0BB82A5EB10EF11E4547BEA790EF94BC0F444135EA8D577A5DE2CE442D780

Function 00007FF8BFB888E4 Relevance: 15.2, APIs: 10, Instructions: 150COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB889AE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB889BE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A0A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A1A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A2A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A9D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AAE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AC0
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AEC
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AFB

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction ID: ca57e452659b303addd90072ce14749a0d8f0947a53c3af6a316747859f549fc
Opcode Fuzzy Hash: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction Fuzzy Hash: 67614962B14B6699FB00DBE8D8801EC37B2BB84788F505436EF4D6BA9ADF78D545C340

Function 00007FF8A7B109B0 Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B10AA6
_aligned_free.MSVCRT ref: 00007FF8A7B10ADD
_aligned_free.MSVCRT ref: 00007FF8A7B10AFA
_aligned_free.MSVCRT ref: 00007FF8A7B10B03
_aligned_free.MSVCRT ref: 00007FF8A7B10B0C
_aligned_free.MSVCRT ref: 00007FF8A7B10B14
_aligned_free.MSVCRT ref: 00007FF8A7B10B1D
_aligned_free.MSVCRT ref: 00007FF8A7B10B27
_aligned_free.MSVCRT ref: 00007FF8A7B10B31
_aligned_free.MSVCRT ref: 00007FF8A7B10B3C

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction ID: d44ec6e3897425cec8d03197c3532fd494a44be37fa96f7f3faea403331b841a
Opcode Fuzzy Hash: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction Fuzzy Hash: 8D41D2B2B5B60661EA51EF15C48977F2399EF84BC4F450539EE0D07391DE38E842E384

Function 00007FF8A7BB9840 Relevance: 15.1, APIs: 10, Instructions: 100COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF8A7BB985D

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction ID: f7ef2d93b18e044990b645144b635917f31f993d9f98df1db12f2c3f7383e30f
Opcode Fuzzy Hash: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction Fuzzy Hash: 61316DB1A0A702AAEB509F21E80836D36A0FF48BD9F445235DE5D067E8DF3CE446D704

Function 00007FF6AB242030 Relevance: 15.0, APIs: 5, Strings: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24204A
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242065
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242080
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24209B
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB2420B6

Strings

rist, xrefs: 00007FF6AB2420A9
udp, xrefs: 00007FF6AB242058
tcp, xrefs: 00007FF6AB242073
http, xrefs: 00007FF6AB24208E
srt, xrefs: 00007FF6AB242039

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp
String ID: http$rist$srt$tcp$udp
API String ID: 1114863663-504309389
Opcode ID: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
Instruction ID: c70e5a487a469dc915847ad961312d782295d4056cfe9ae73c919358a26d216f
Opcode Fuzzy Hash: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
Instruction Fuzzy Hash: 54010CA4B2550380FB218F23E64163413A4EF5DB95F846037C94DCBA78DF6DE549C720

Function 00007FF8BFB55C20 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 341COMMON

Download Yara Rule

Strings

s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels, xrefs: 00007FF8BFB5620F
src/libswresample/rematrix.c, xrefs: 00007FF8BFB561D0, 00007FF8BFB56200
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB561EB
s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels, xrefs: 00007FF8BFB561DF

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels$s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels$src/libswresample/rematrix.c
API String ID: 0-729179064
Opcode ID: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction ID: c6424993d13fb7ba8091519f3204d5ac6c8a1cad813ceaab799424074bf417b1
Opcode Fuzzy Hash: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction Fuzzy Hash: 7CE1DC73A08A8286DB208F99D054ABE7765FB447C9F465236DB4D17B98DF3CE146CB00

Function 00007FF8BFB831A0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8BFB8333E
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8334B

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB835F9
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83644
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8BFB83679

Strings

csm, xrefs: 00007FF8BFB832E7
csm, xrefs: 00007FF8BFB83367
csm, xrefs: 00007FF8BFB83285

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 211107550-393685449
Opcode ID: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction ID: 1542959659a5663cec8aa175234af273442f924243d733fe0a82547a0b794548
Opcode Fuzzy Hash: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction Fuzzy Hash: 8BE19F73A086828AE7109FACD4902AD7BA1FB84BC8F184136DF9D57796DF38E495C740

Function 00007FF8A7B21E20 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 248COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B22154

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B22182
src/libavutil/imgutils.c, xrefs: 00007FF8A7B22167, 00007FF8A7B22197
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7B221A6
av_image_get_linesize failed, xrefs: 00007FF8A7B220D0
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7B22176

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3510742995-882259572
Opcode ID: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction ID: 34672b6f22a0a2e74271cfb38c2d96e7f2674d9d62c375c62c058cc4ab965e56
Opcode Fuzzy Hash: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction Fuzzy Hash: 69A180B2A0B78596EB148F15A9401AEB7A1EB88BD0F484135EF4D47BA4DF3CE442E740

Function 00007FF8A7B21A70 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 243COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B21B99
memcpy.MSVCRT ref: 00007FF8A7B21D31
abort.MSVCRT ref: 00007FF8A7B21DF2

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B21DE2
src/libavutil/imgutils.c, xrefs: 00007FF8A7B21DC7, 00007FF8A7B21DF7
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7B21DD6
av_image_get_linesize failed, xrefs: 00007FF8A7B21D93
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7B21E06

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3629556515-882259572
Opcode ID: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction ID: 873666eb33173cc0b5830ca2937afbdc884a5ca3da2644cc459d97b94c237d59
Opcode Fuzzy Hash: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction Fuzzy Hash: 8BA1A1B6A0BB8996DB648F15E44026EB7A0FB88BD0F548135DE8D47BA4DF3CE442D740

Function 00007FF8A7B2D5B0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7B2C1D0: strspn.MSVCRT ref: 00007FF8A7B2C1FC
Part of subcall function 00007FF8A7B2C1D0: strspn.MSVCRT ref: 00007FF8A7B2C245
Part of subcall function 00007FF8A7B2C1D0: strchr.MSVCRT ref: 00007FF8A7B2C25D
Part of subcall function 00007FF8A7B2C1D0: memcpy.MSVCRT ref: 00007FF8A7B2C28C

_aligned_free.MSVCRT ref: 00007FF8A7B2D678
_aligned_free.MSVCRT ref: 00007FF8A7B2D682
_aligned_free.MSVCRT ref: 00007FF8A7B2D72C
_aligned_free.MSVCRT ref: 00007FF8A7B2D736

Strings

Setting '%s' to value '%s', xrefs: 00007FF8A7B2D620
Unable to parse '%s': %s, xrefs: 00007FF8A7B2D7E3
No option name near '%s', xrefs: 00007FF8A7B2D7FC
Option '%s' not found, xrefs: 00007FF8A7B2D832

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strspn$memcpystrchr
String ID: No option name near '%s'$Option '%s' not found$Setting '%s' to value '%s'$Unable to parse '%s': %s
API String ID: 2931229598-2003673103
Opcode ID: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction ID: 046ae908bb8662d5f7533cdc54e6a20b6c9bdeab0c25746601bb8cda6e1f076e
Opcode Fuzzy Hash: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction Fuzzy Hash: 2151B3B260AB86A1E7619F11E8147AEA7A0FB847C4F804135EE8D47BA5DF3CD045E780

Function 00007FF8A7B844C0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 142COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B845DA

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B845C6
!"valid element size", xrefs: 00007FF8A7B845B6
. -_, xrefs: 00007FF8A7B8468B
src/libavutil/utils.c, xrefs: 00007FF8A7B845AF
D, xrefs: 00007FF8A7B845CD
[%d], xrefs: 00007FF8A7B84603

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !"valid element size"$. -_$Assertion %s failed at %s:%d$D$[%d]$src/libavutil/utils.c
API String ID: 4206212132-1952739643
Opcode ID: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction ID: f16454e1c0ebbe20cd1b1fb73ea480ed75cbab3c231a63122a5b5079d339399b
Opcode Fuzzy Hash: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction Fuzzy Hash: 1C51C0F2E1A25AA5FB209F31A5009FD7B90FB55BC4F894631DE0D43790EE3CA596D600

Function 00007FF8BFB8BE24 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BFD8

Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BF8A

Strings

cli::pin_ptr<, xrefs: 00007FF8BFB8BFA1
std::nullptr_t, xrefs: 00007FF8BFB8BF03
void , xrefs: 00007FF8BFB8BE96
cli::array<, xrefs: 00007FF8BFB8BF57
void, xrefs: 00007FF8BFB8BE6E
std::nullptr_t , xrefs: 00007FF8BFB8BF16

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
API String ID: 2943138195-2239912363
Opcode ID: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction ID: 62a6018308b4d67c254759c5f328e5506aae8002e6641cd06cbd69267843e90e
Opcode Fuzzy Hash: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction Fuzzy Hash: B8515D62E18B5699FB11CBB8D8852BC77B0BB98788F44853ADF4D12B96DF3CA444C710

Function 00007FF8BFB58AB0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8BFB58B22
av_log.AVUTIL-58 ref: 00007FF8BFB58B83
abort.MSVCRT ref: 00007FF8BFB58B88

Strings

out->ch_count == in->ch_count, xrefs: 00007FF8BFB58B6C
out->bps == in->bps, xrefs: 00007FF8BFB58B9C
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB58B78
src/libswresample/swresample.c, xrefs: 00007FF8BFB58B5D, 00007FF8BFB58B8D, 00007FF8BFB58BAA
out->planar == in->planar, xrefs: 00007FF8BFB58BB9

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$out->bps == in->bps$out->ch_count == in->ch_count$out->planar == in->planar$src/libswresample/swresample.c
API String ID: 2496068414-3511948170
Opcode ID: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction ID: 233e83b5c76a9cf5253617047d87c2b3d226544cfe92710e651a96db8483879c
Opcode Fuzzy Hash: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction Fuzzy Hash: A021EFB6A09A46A6E720CF99E9550B9B3A8FB443D4F944232CF4C033A1DF3DF555CA00

Function 00007FF8A7B0FAD0 Relevance: 13.7, APIs: 9, Instructions: 221COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B0FBE6
_aligned_free.MSVCRT ref: 00007FF8A7B0FBF0
_aligned_free.MSVCRT ref: 00007FF8A7B0FC3D
_aligned_free.MSVCRT ref: 00007FF8A7B0FC45

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction ID: ce1fcbe4efaef42056508f1bf272c0fcf15ce05ebf5d52024c901de4801bf5ac
Opcode Fuzzy Hash: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction Fuzzy Hash: 94819CB2B0A642A5EB20DF12A45167EA3A0FB84BC0F444535EF4D57795DE3CE443EB80

Function 00007FF8A7B0F080 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B0F10E
_aligned_free.MSVCRT ref: 00007FF8A7B0F118
_aligned_free.MSVCRT ref: 00007FF8A7B0F157
_aligned_free.MSVCRT ref: 00007FF8A7B0F15F

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction ID: 69bf6f026382f4239b7bb22032dbd25d1a2f94c161d44886f07ad896c3a2edb4
Opcode Fuzzy Hash: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction Fuzzy Hash: 2D619FB6B0BA4265EA25EE12E41167E6390FF48BD8F444134EE8D57792DE3CE443E380

Function 00007FF8A7B29D80 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 146stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B299A4
strcmp.MSVCRT ref: 00007FF8A7B29DD7

Strings

UINT32_MAX, xrefs: 00007FF8A7B2A2E8
INT_MAX, xrefs: 00007FF8A7B2A2B6
%-15s , xrefs: 00007FF8A7B299B0
%lld, xrefs: 00007FF8A7B2A29D
INT_MIN, xrefs: 00007FF8A7B2A301
I64_MAX, xrefs: 00007FF8A7B2A31A
I64_MIN, xrefs: 00007FF8A7B2A2CF

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $%lld$I64_MAX$I64_MIN$INT_MAX$INT_MIN$UINT32_MAX
API String ID: 1004003707-1419900426
Opcode ID: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction ID: 0e1965ca45ea129bfa2bdda772c5ad8d71ad562f7ae54ba92efee2628526cbab
Opcode Fuzzy Hash: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction Fuzzy Hash: A95179B1A0B242AAEB659E11A1043BE2360EF457E1FD81232DE1D676D5CF7DE442E2C0

Function 00007FF6AB242160 Relevance: 13.6, APIs: 9, Instructions: 98COMMON

Download Yara Rule

APIs

pthread_mutex_lock.W32-PTHREADS ref: 00007FF6AB2421BB
os_event_reset.OBS ref: 00007FF6AB2421E7
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF6AB2421F3
os_event_wait.OBS ref: 00007FF6AB2421FF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF6AB24220B
memcpy.VCRUNTIME140 ref: 00007FF6AB24227B
memcpy.VCRUNTIME140 ref: 00007FF6AB24228E
os_event_signal.OBS ref: 00007FF6AB2422D1
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF6AB2422DD

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpypthread_mutex_lockpthread_mutex_unlock$os_event_resetos_event_signalos_event_wait
String ID:
API String ID: 2918620995-0
Opcode ID: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction ID: da58edf88876ae90fdddf72a0954b197992572584e0b38852c5c15af780aba52
Opcode Fuzzy Hash: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction Fuzzy Hash: 88415136629A8181D720DF22E6513B96760FB99B98F440033EF8D97F6ECF38D1908710

Function 00007FF8A7BB7C30 Relevance: 13.6, APIs: 9, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BB7B90: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7BB6
Part of subcall function 00007FF8A7BB7B90: LeaveCriticalSection.KERNEL32(?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7BDB

TryEnterCriticalSection.KERNEL32 ref: 00007FF8A7BB7CB0
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7B41817), ref: 00007FF8A7BB7CF8
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7B41817), ref: 00007FF8A7BB7D02
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7D07
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7B41817), ref: 00007FF8A7BB7D17
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7B41817), ref: 00007FF8A7BB7D1C
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7B41817), ref: 00007FF8A7BB7D23
free.MSVCRT ref: 00007FF8A7BB7D28

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
String ID:
API String ID: 3899327206-0
Opcode ID: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction ID: 331d703753a90f788f7e9a242fbdc3b0a886c148721775b275014b4b34a105e4
Opcode Fuzzy Hash: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction Fuzzy Hash: E9315E71A0A902A5E6519B2298147AE2794FFC5BE8F844632DE2E537D5CE3CD543E304

Function 00007FF6AB2435E4 Relevance: 13.6, APIs: 9, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF6AB2435F8
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6AB24360D
__scrt_release_startup_lock.LIBCMT ref: 00007FF6AB24367B
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB2436C9
_get_initial_wide_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB2436CE
__p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB2436D6
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB2436DE
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB243700
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6AB24375A

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 1184979102-0
Opcode ID: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction ID: efae2d82a39f72c902cabd6a4cc3d346cb3a238f1fe9057d1a09c4074354e75a
Opcode Fuzzy Hash: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction Fuzzy Hash: D9316B21A2E20341FA24AB20D6523B923A1BF5D784F444437EA5ECBEFFDE2CE404C600

Function 00007FF8BFB62290 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF8BFB623A9

Strings

Address %p has no image-section, xrefs: 00007FF8BFB62300, 00007FF8BFB62510
Mingw-w64 runtime failure:, xrefs: 00007FF8BFB622C8
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF8BFB624FC
VirtualProtect failed with code 0x%x, xrefs: 00007FF8BFB624A2

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction ID: a1640eb021950a2c3daf9855610039eb626ab88aaacc8b2e76b881868e8e1293
Opcode Fuzzy Hash: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction Fuzzy Hash: 4E61CF32B09B42A6FB108F99E845669B7A0FB49BD4F448235EB5C47B90EE3CE484C700

Function 00007FF8A7BA87A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF8A7BA88B9

Strings

Address %p has no image-section, xrefs: 00007FF8A7BA8810, 00007FF8A7BA8A20
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF8A7BA8A0C
VirtualProtect failed with code 0x%x, xrefs: 00007FF8A7BA89B2
Mingw-w64 runtime failure:, xrefs: 00007FF8A7BA87D8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction ID: 015d4947b919faca28ef3f9b4df4be3358e8868462d5cdd14096bd85049e01cf
Opcode Fuzzy Hash: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction Fuzzy Hash: 8361C1B2B0AB02A6EB11AF15E88467D77A1FB857D0F545239EB9D03795EE3CE442D300

Function 00007FF8BFB85F0A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB863F0: RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
Part of subcall function 00007FF8BFB863F0: RaiseException.KERNEL32 ref: 00007FF8BFB8647A

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB85FA7
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00007FF8BFB86003

Strings

Attempted a typeid of nullptr pointer!, xrefs: 00007FF8BFB860E5
Access violation - no RTTI data!, xrefs: 00007FF8BFB85F0A, 00007FF8BFB8612B
Bad read pointer - no RTTI data!, xrefs: 00007FF8BFB86108
Bad dynamic_cast!, xrefs: 00007FF8BFB86072

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
API String ID: 1852475696-928371585
Opcode ID: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction ID: d32f4f0aa600e8032ac7510b2150dcea80d767f76e03e96dbea36ed410b9ac5e
Opcode Fuzzy Hash: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction Fuzzy Hash: 7351C362B19A4692EE20DF9CE8906B96361FF84BD4F409435DB8D07766EF3CE505C700

Function 00007FF8BFB53F10 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 144COMMON

Download Yara Rule

APIs

av_free.AVUTIL-58 ref: 00007FF8BFB54056
av_log.AVUTIL-58 ref: 00007FF8BFB54139
abort.MSVCRT ref: 00007FF8BFB5413E

Strings

*, xrefs: 00007FF8BFB5416A
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5412E
s->dither.method < SWR_DITHER_NB, xrefs: 00007FF8BFB54152
src/libswresample/dither.c, xrefs: 00007FF8BFB54113, 00007FF8BFB5414B

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freeav_log
String ID: *$Assertion %s failed at %s:%d$s->dither.method < SWR_DITHER_NB$src/libswresample/dither.c
API String ID: 3300847756-1990850000
Opcode ID: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction ID: 36cf6cff04ec9bf50c79797a130f9399cb93bcbec1659f6146f630b5705b0cec
Opcode Fuzzy Hash: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction Fuzzy Hash: 46511872D18F4295EA26CBBC946217AF355EF563C4F548332D70E26694EF3DB08AC600

Function 00007FF8BFB8E148 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E1BC
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E1CB
DName::operator+=.LIBVCRUNTIME ref: 00007FF8BFB8E2E8

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E26B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E27B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E325

Strings

{for , xrefs: 00007FF8BFB8E1F4

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: {for
API String ID: 179159573-864106941
Opcode ID: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction ID: d9aab5f11e3996da5c57b66349044b41bf7e1bd3e1c2c48d2c0c8ced17c69c6c
Opcode Fuzzy Hash: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction Fuzzy Hash: 3A515B72A08A85A9E7119FA8D4813EC77A1FB857C8F808035EB4C4BB9ADF7CD555C340

Function 00007FF8A7B1D650 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 101COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF8A7B1D6EA
free.MSVCRT ref: 00007FF8A7B1D6F3

Strings

cu->cuCtxDestroy(hwctx->cuda_ctx), xrefs: 00007FF8A7B1D68E, 00007FF8A7B1D7DF
cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device), xrefs: 00007FF8A7B1D721, 00007FF8A7B1D76A
Calling %s, xrefs: 00007FF8A7B1D695, 00007FF8A7B1D728
-> %s: %s, xrefs: 00007FF8A7B1D79E
%s failed, xrefs: 00007FF8A7B1D771

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FreeLibraryfree
String ID: -> %s: %s$%s failed$Calling %s$cu->cuCtxDestroy(hwctx->cuda_ctx)$cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device)
API String ID: 155010425-3275200884
Opcode ID: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction ID: 7c8f797ba678fb63e726f22981f19b6c186a289f57d222e6490478962c8c5649
Opcode Fuzzy Hash: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction Fuzzy Hash: 51415AB6A0AA82A6EA599F21E4107BE2360FF44BC8F844432DE4E57754CF3CE556E340

Function 00007FF8BFB56770 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB58F70: av_freep.AVUTIL-58 ref: 00007FF8BFB5909C

memcpy.MSVCRT ref: 00007FF8BFB56814
av_log.AVUTIL-58 ref: 00007FF8BFB56865
abort.MSVCRT ref: 00007FF8BFB5686A
av_freep.AVUTIL-58 ref: 00007FF8BFB56885

Strings

a->planar, xrefs: 00007FF8BFB56846
src/libswresample/resample.c, xrefs: 00007FF8BFB5683F
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB56856

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freep$abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$a->planar$src/libswresample/resample.c
API String ID: 932020481-1037444191
Opcode ID: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction ID: 9a25b592f03a3b0d0954eaaddd7971b069af8aa54a42fb5e618c366409c241b3
Opcode Fuzzy Hash: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction Fuzzy Hash: 0431E033F052829BEB25DBA998511BDB3A2FB88799F498135DF094B745DE3CE602C740

Function 00007FF8A7BA9860 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BA9878
_errno.MSVCRT ref: 00007FF8A7BA9897
rand.MSVCRT ref: 00007FF8A7BA9910
_sopen.MSVCRT ref: 00007FF8A7BA995F
_errno.MSVCRT ref: 00007FF8A7BA9970

Strings

XXXX, xrefs: 00007FF8A7BA988F
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 00007FF8A7BA98FE

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$_sopenrandstrlen
String ID: XXXX$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
API String ID: 1081397658-1416102993
Opcode ID: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction ID: 6e7193ca9c7d4b9815fabf0ddb5a1ba24a2146340f39c01702034245b5394c04
Opcode Fuzzy Hash: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction Fuzzy Hash: FD3138F2E0A5527BE661AE259D0817C1991EB857E5F498231DE0C477C1EE2DE843F710

Function 00007FF8A7B2C1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strspn.MSVCRT ref: 00007FF8A7B2C1FC
strspn.MSVCRT ref: 00007FF8A7B2C245
strchr.MSVCRT ref: 00007FF8A7B2C25D
memcpy.MSVCRT ref: 00007FF8A7B2C28C

Strings

ambisonic , xrefs: 00007FF8A7B2C1D7
, xrefs: 00007FF8A7B2C1EF, 00007FF8A7B2C23B

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$memcpystrchr
String ID: $ambisonic
API String ID: 2918080867-3257024572
Opcode ID: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction ID: 39dc22326d0266aab078e1927bcb7aefa493a142b4acea135c08ea02352d7227
Opcode Fuzzy Hash: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction Fuzzy Hash: F731F6B3F0B642A0E720AF6699501BE2791EF497D4F888132DE1D57396DE3CE543E280

Function 00007FF8BFB868AC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB86931
GetLastError.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB8693F
wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB86958
LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB8696A
FreeLibrary.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB869B0
GetProcAddress.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB869BC

Strings

api-ms-, xrefs: 00007FF8BFB86951

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
String ID: api-ms-
API String ID: 916704608-2084034818
Opcode ID: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction ID: a9f4bc84fae163994e6a63c5eb242186ebe8f882cc15f44d07dc5421ec7d0e92
Opcode Fuzzy Hash: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction Fuzzy Hash: 48319421A1A69191EE15DB8AE8005B56395FF88BE0F594539DF2D0B395DF3CE944C700

Function 00007FF8A7B10D30 Relevance: 12.2, APIs: 8, Instructions: 150COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B10E09
memcpy.MSVCRT ref: 00007FF8A7B10E31
memcpy.MSVCRT ref: 00007FF8A7B10E64
_aligned_free.MSVCRT ref: 00007FF8A7B10EFD
_aligned_free.MSVCRT ref: 00007FF8A7B10F22
_aligned_free.MSVCRT ref: 00007FF8A7B10F2B
_aligned_free.MSVCRT ref: 00007FF8A7B10F34
_aligned_free.MSVCRT ref: 00007FF8A7B10F3C

Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10AA6
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10ADD
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10AFA
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B03
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B0C
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B14
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B1D
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B27
Part of subcall function 00007FF8A7B109B0: _aligned_free.MSVCRT ref: 00007FF8A7B10B31

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$memcpy
String ID:
API String ID: 2399556850-0
Opcode ID: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction ID: 9be043e3f1f7cb87d221d5ec800cc6f79ecb9e05a27214d0b018215f868ef51e
Opcode Fuzzy Hash: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction Fuzzy Hash: DC51B2B2F5B64995EA509F16E44437D67A1FB88BC4F048035EE4E07B95DF3CE842A300

Function 00007FF8BFB827CC Relevance: 12.1, APIs: 8, Instructions: 148COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82886
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB828A5
__AdjustPointer.LIBCMT ref: 00007FF8BFB828E6
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB828F3
__AdjustPointer.LIBCMT ref: 00007FF8BFB8292F
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82944
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82989
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82990

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$AdjustPointer
String ID:
API String ID: 1501936508-0
Opcode ID: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
Instruction ID: f46a53b4d0226a3741fda8fb53a49cfb6715db3640ba9c53e24bf2b91c2885b8
Opcode Fuzzy Hash: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
Instruction Fuzzy Hash: 27515A61E0AA9381FE699BDDD9446387795AF84BD0F098439DB4D06B96DF3CE442C300

Function 00007FF8BFB825E8 Relevance: 12.1, APIs: 8, Instructions: 148COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB826A0
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB826BE
__AdjustPointer.LIBCMT ref: 00007FF8BFB826FF
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8270C
__AdjustPointer.LIBCMT ref: 00007FF8BFB82748
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8275D
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB827A2
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB827A9

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$AdjustPointer
String ID:
API String ID: 1501936508-0
Opcode ID: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
Instruction ID: e2b19baa4bc2bb157625f640f8093f8e907efe78899ab47e3eb4fd2f138cfa41
Opcode Fuzzy Hash: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
Instruction Fuzzy Hash: 37517C25A0AA5282FE669F9ED5446387394AFD5FD4F098436CF4E06B96DE3CE842C300

Function 00007FF8A7BBBC90 Relevance: 12.1, APIs: 8, Instructions: 89timethreadCOMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF8A7BBBCBD
QueryPerformanceCounter.KERNEL32 ref: 00007FF8A7BBBCD0
GetCurrentThread.KERNEL32 ref: 00007FF8A7BBBD39
GetThreadTimes.KERNEL32 ref: 00007FF8A7BBBD5B
GetCurrentProcess.KERNEL32 ref: 00007FF8A7BBBDA8
GetProcessTimes.KERNEL32 ref: 00007FF8A7BBBDCA
_errno.MSVCRT ref: 00007FF8A7BBBDD4
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7BBBDF5

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
String ID:
API String ID: 3786581644-0
Opcode ID: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction ID: 45119db938466295a4ba4d9fe81eb1fe097ebcf872be41acc9c32bfb51db9f2c
Opcode Fuzzy Hash: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction Fuzzy Hash: 0D31C0B2B1AA4692EF548F25E41017E6365EBC0BC4B809136EB8F46B68DF3CD446DB00

Function 00007FF8A7B31C90 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 85stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B31D24

Strings

rgb32, xrefs: 00007FF8A7B31C9A
yuv420p, xrefs: 00007FF8A7B31CE5, 00007FF8A7B31D74
rgba, xrefs: 00007FF8A7B31CD3
bgr32, xrefs: 00007FF8A7B31CC3
bgra, xrefs: 00007FF8A7B31D40
%s%s, xrefs: 00007FF8A7B31D63

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %s%s$bgr32$bgra$rgb32$rgba$yuv420p
API String ID: 1004003707-3566121812
Opcode ID: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction ID: a8f61df558d466a62604aef7a557b9e947888edc3b22379b42b0ced6e6a33d82
Opcode Fuzzy Hash: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction Fuzzy Hash: 603171B1F0B90AB4FA509F1299112BD1359EF41BC4F481131CE0E5BAE6EE6CE587E300

Function 00007FF8A7B06810 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 226COMMON

Download Yara Rule

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B06A0D
src/libavutil/avstring.c, xrefs: 00007FF8A7B069F6
tail_len <= 5, xrefs: 00007FF8A7B069FD

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$src/libavutil/avstring.c$tail_len <= 5
API String ID: 0-789252298
Opcode ID: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction ID: 96e5e90d1d9f8effbf9eebc18b651d086deac21f32a127879ae842d072cd767f
Opcode Fuzzy Hash: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction Fuzzy Hash: 1F7103B3E0A64361EA665F24652477D2581EB097ECF448272EE2E16BC4ED6DA943E300

Function 00007FF8A7B1AF20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 189COMMON

Download Yara Rule

Strings

src/libavutil/hwcontext.c, xrefs: 00007FF8A7B1B115
Failed to map frame into derived frame context: %d., xrefs: 00007FF8A7B1B1DD
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B1B12C
Invalid mapping found when attempting unmap., xrefs: 00007FF8A7B1B0F6
orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx, xrefs: 00007FF8A7B1B11C

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$Failed to map frame into derived frame context: %d.$Invalid mapping found when attempting unmap.$orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx$src/libavutil/hwcontext.c
API String ID: 0-1886799933
Opcode ID: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction ID: c770f0a83caad7e9631bd6c943feda4897eeec8e613deb32bd165cb94a02b760
Opcode Fuzzy Hash: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction Fuzzy Hash: 9F718FB2B0AA46E1EA51CF16D454A7F67A0FB48BD4F458136DE1D873A0EE3CE442E740

Function 00007FF8A7B25339 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8
fatal, xrefs: 00007FF8A7B25339

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $fatal
API String ID: 895318938-1232420508
Opcode ID: e43060acaf70824709399effa99a617178f79ba8015f1816a65e9df156666156
Instruction ID: 6c7b7f4a35241a922307dcc3937315d252b92cde1e63f7acc86b2b3b81420070
Opcode Fuzzy Hash: e43060acaf70824709399effa99a617178f79ba8015f1816a65e9df156666156
Instruction Fuzzy Hash: 68617DB1E0B68A65EB609F11A4103FE6791EF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B25342 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

verbose, xrefs: 00007FF8A7B25342
Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $verbose
API String ID: 895318938-125437466
Opcode ID: 111cff4ae6d6aba25a1bf3a452fafae3e172758b0fbde44d0ea9f4480844efc2
Instruction ID: b23773bf034ef4051704751216700fe2cfc9d7f82f4ccd5f9e4591db0d525533
Opcode Fuzzy Hash: 111cff4ae6d6aba25a1bf3a452fafae3e172758b0fbde44d0ea9f4480844efc2
Instruction Fuzzy Hash: 7A618FB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B2534B Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
info, xrefs: 00007FF8A7B2534B
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $info
API String ID: 895318938-3747654419
Opcode ID: 1be4c7bd4cf85f2f8b6acf3c87bb03881b465a4d7c3eb98ae2da582cd249990e
Instruction ID: be4f61799a9ad98019631edd86f7ac2c8755275f2a3f7c5846b7be557e86d43c
Opcode Fuzzy Hash: 1be4c7bd4cf85f2f8b6acf3c87bb03881b465a4d7c3eb98ae2da582cd249990e
Instruction Fuzzy Hash: B6618FB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B25354 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
warning, xrefs: 00007FF8A7B25354
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $warning
API String ID: 895318938-1705345410
Opcode ID: b34cf2a9aa40cf4703508ede8532485c6d2ea4047648aeaf1220a8223c5c525f
Instruction ID: c361a0cc3f83bb6d3a1b39e42b2bfd845cf20145d469874c2547caad01f84d9d
Opcode Fuzzy Hash: b34cf2a9aa40cf4703508ede8532485c6d2ea4047648aeaf1220a8223c5c525f
Instruction Fuzzy Hash: E36180B1E0B68665EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B2535D Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8
trace, xrefs: 00007FF8A7B2535D

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $trace
API String ID: 895318938-1090435506
Opcode ID: 3a7e4ea2ce39469d736bb449845fd121ad088e9476b66ab627605bef7bb8b932
Instruction ID: 97cdcef00004f829a81f120ac907bd0b1a5afd4226b556b3b5282b807d155895
Opcode Fuzzy Hash: 3a7e4ea2ce39469d736bb449845fd121ad088e9476b66ab627605bef7bb8b932
Instruction Fuzzy Hash: 54618FB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B25366 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
debug, xrefs: 00007FF8A7B25366
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $debug
API String ID: 895318938-486550452
Opcode ID: ca6cd3af04bd65ff9df01a8aa6ed36bed15bcb452fe8f5dd11deeb11099c855e
Instruction ID: ca99c9a12b4610f1a73e1f34b6f52e5ee138b342c121f45cc28dc8e64ccf09ac
Opcode Fuzzy Hash: ca6cd3af04bd65ff9df01a8aa6ed36bed15bcb452fe8f5dd11deeb11099c855e
Instruction Fuzzy Hash: 8A618EB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B25327 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
panic, xrefs: 00007FF8A7B25327
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $panic
API String ID: 895318938-4009946497
Opcode ID: 0b1fd8db72d8f79bd2880fc2ae61cae8c81ef59cf9502c5cc70fc41dd9ef4533
Instruction ID: f34ae99f859c50aa7f8d7c652cb6438366b80656d5c7bfdcdfec43df5991218c
Opcode Fuzzy Hash: 0b1fd8db72d8f79bd2880fc2ae61cae8c81ef59cf9502c5cc70fc41dd9ef4533
Instruction Fuzzy Hash: 09618FB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8A7B25330 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B24F79
strcpy.MSVCRT ref: 00007FF8A7B24FC5
strlen.MSVCRT ref: 00007FF8A7B252C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7B24FA2
[%s] , xrefs: 00007FF8A7B25316
%s%s%s%s, xrefs: 00007FF8A7B24F2A
error, xrefs: 00007FF8A7B25330
?, xrefs: 00007FF8A7B250A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $error
API String ID: 895318938-746115170
Opcode ID: 57478434a447384fa94a03ff1bade18b8ff03ea6d8e4a2e89f8b75d2d60d4bc3
Instruction ID: f7f211d4f83cf77fa8c2d04e05fa898eed9bc029a84d54ceeb6b661973205433
Opcode Fuzzy Hash: 57478434a447384fa94a03ff1bade18b8ff03ea6d8e4a2e89f8b75d2d60d4bc3
Instruction Fuzzy Hash: A3618FB1E0B68A65EB609F11A4103FE6791FF827C4FC04076DA8D17686DE2DE846E7C0

Function 00007FF8BFB85520 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 132COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB855E9
_local_unwind.LIBVCRUNTIME ref: 00007FF8BFB8568C

Strings

MOC, xrefs: 00007FF8BFB85562
csm, xrefs: 00007FF8BFB85584
RCC, xrefs: 00007FF8BFB8556E
csm, xrefs: 00007FF8BFB856D0

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader_local_unwind
String ID: MOC$RCC$csm$csm
API String ID: 2627209546-1441736206
Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction ID: f86054bcf62643f1762f3efe51d0fa645309f139cc8ae3aaf077c315fe105312
Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction Fuzzy Hash: 23518B76A0964286EB609FA9D84177927A0FFC4BE4F142035EF4C4238BEE3CE841CB41

Function 00007FF8BFB5AC80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8BFB5AD29
av_log.AVUTIL-58 ref: 00007FF8BFB5AD9C

Strings

adding %d audio samples of silence, xrefs: 00007FF8BFB5AD8D

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_logmemset
String ID: adding %d audio samples of silence
API String ID: 1585849880-1798122562
Opcode ID: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction ID: 45c2fa4628bab721d53bb5d961792b68ed9b39815f0724f5d701f287548af3b8
Opcode Fuzzy Hash: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction Fuzzy Hash: 6A310122B0826256F755A69AA069FAAA34DFB84BC1F404037DF0CA7BC6CE3CF501C744

Function 00007FF8BFB8D740 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

atol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8BFB8CE14), ref: 00007FF8BFB8D803
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8D822

Strings

`template-parameter, xrefs: 00007FF8BFB8D830
void, xrefs: 00007FF8BFB8D786

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::atol
String ID: `template-parameter$void
API String ID: 2130343216-4057429177
Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction ID: 2749fdc2c3cb853701163d5588712d01b2ae13ccb7c86b426d0034fbdb036696
Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction Fuzzy Hash: 7041F662F08B5698FB009BA9D8512AC23B1BB887C8F54513ADF0D26B6ADF78A545C350

Function 00007FF8BFB88624 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB886DB

Strings

<ellipsis>, xrefs: 00007FF8BFB88734
,..., xrefs: 00007FF8BFB886A8
,<ellipsis>, xrefs: 00007FF8BFB886B8
..., xrefs: 00007FF8BFB88724
void, xrefs: 00007FF8BFB88759

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 2943138195-2211150622
Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction ID: 6035e0e78a3f2e3320c420f29683b94bc4825167c13c5da257612200709cf266
Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction Fuzzy Hash: B5413772E28B4699FB118FACD8812AC37B0BB88788F548139DB4D12769DF3CE545C740

Function 00007FF8BFB8A31C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A40F

Strings

short , xrefs: 00007FF8BFB8A39C
long , xrefs: 00007FF8BFB8A37E
unsigned , xrefs: 00007FF8BFB8A3E3
char , xrefs: 00007FF8BFB8A3A5
int , xrefs: 00007FF8BFB8A38D

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: char $int $long $short $unsigned
API String ID: 2943138195-3894466517
Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction ID: d4fc56c2c3a0982fa2afceabd73fe0a28a4f24d9716f8c2718a6473281832526
Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction Fuzzy Hash: EA416A32E18A56A9EB118FACD8441BC7BB5BB89784F448235CB0C16B9ADF3CE544C700

Function 00007FF8A7B0AD20 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B0AD79

Strings

U, xrefs: 00007FF8A7B0ADC0
AMBI, xrefs: 00007FF8A7B0AD2A
R, xrefs: 00007FF8A7B0ADD4
S, xrefs: 00007FF8A7B0ADC6

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: AMBI$R$S$U
API String ID: 1004003707-1923686996
Opcode ID: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction ID: f37b2287efe14f1271c7cd9644e9072b3727d4eedcca98ca523da5ab14e7bd55
Opcode Fuzzy Hash: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction Fuzzy Hash: 3E21B7B7A1A54379FB218E15E8002BE2750EB457E9F888A71DF0D065D0ED7CE987E304

Function 00007FF8A7B21880 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B2191C

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B21951
src/libavutil/imgutils.c, xrefs: 00007FF8A7B21936, 00007FF8A7B21966
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7B21945
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7B21975

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 3510742995-1436408019
Opcode ID: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction ID: 7d5d6f7c12eab11591d4b0b146c4f5373d715ef68197757ca92fbc138865e6db
Opcode Fuzzy Hash: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction Fuzzy Hash: 0C2128F3F0B65965FA21DF11BD001AE6256FB887D8F884132DD4C0A355EE3CE5439600

Function 00007FF8A7B2D160 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

false,n,no,disable,disabled,off, xrefs: 00007FF8A7B2D326
true,y,yes,enable,enabled,on, xrefs: 00007FF8A7B2D2C8
auto, xrefs: 00007FF8A7B2D169
Unable to parse option value "%s" as boolean, xrefs: 00007FF8A7B2D3A8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Unable to parse option value "%s" as boolean$auto$false,n,no,disable,disabled,off$true,y,yes,enable,enabled,on
API String ID: 0-3796170252
Opcode ID: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction ID: be7e800a3b0c7ee405a343bf787a7a85329f52efd657042e9e636e97e111ce82
Opcode Fuzzy Hash: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction Fuzzy Hash: CE217FB6A0BA0665FB02AF61A4113BE5251EF857E8F914631DC1D272D1EF3CE487B344

Function 00007FF8A7B16860 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 64stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B16C25

Part of subcall function 00007FF8A7BA9860: strlen.MSVCRT ref: 00007FF8A7BA9878
Part of subcall function 00007FF8A7BA9860: _errno.MSVCRT ref: 00007FF8A7BA9897

_errno.MSVCRT ref: 00007FF8A7B16C93

Strings

ff_tempfile: Cannot open temporary file %s, xrefs: 00007FF8A7B16CA2
./%sXXXXXX, xrefs: 00007FF8A7B16C77
/tmp/%sXXXXXX, xrefs: 00007FF8A7B16C49
ff_tempfile: Cannot allocate file name, xrefs: 00007FF8A7B16CD6

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnostrlen
String ID: ./%sXXXXXX$/tmp/%sXXXXXX$ff_tempfile: Cannot allocate file name$ff_tempfile: Cannot open temporary file %s
API String ID: 860928405-2152079688
Opcode ID: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction ID: 761941d522ed79a8663d71c273f91a16350f512d0d8856943592be97618d93c0
Opcode Fuzzy Hash: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction Fuzzy Hash: F3216DB6A0A606A1EA41EF11A4584BE2364FF88BD8F844532FF4D47791EE3CE006E740

Function 00007FF8A7B21990 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 61COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7B219F9
abort.MSVCRT ref: 00007FF8A7B21A3F

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B21A2F
src/libavutil/imgutils.c, xrefs: 00007FF8A7B21A14, 00007FF8A7B21A44
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7B21A23
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7B21A53

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortmemcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 985927305-1436408019
Opcode ID: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction ID: 6e06e7cec9e7d16ca67a4b2103527b04650e5fa097ff8c5b5ac912caadf37932
Opcode Fuzzy Hash: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction Fuzzy Hash: 441129F2E1B96661E770DF55A9016BE2694FF493D0FC80534DE0C06B62EE3CE5029740

Function 00007FF6AB242370 Relevance: 10.6, APIs: 7, Instructions: 55COMMON

Download Yara Rule

APIs

avcodec_free_context.AVCODEC-60 ref: 00007FF6AB242388
avformat_free_context.AVFORMAT-60 ref: 00007FF6AB2423CC

Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24204A
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242065
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB242080
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB24209B
Part of subcall function 00007FF6AB242030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6AB2423A2), ref: 00007FF6AB2420B6

av_free.AVUTIL-58 ref: 00007FF6AB2423B1
avio_context_free.AVFORMAT-60 ref: 00007FF6AB2423BD
avio_close.AVFORMAT-60 ref: 00007FF6AB2423C4
avcodec_free_context.AVCODEC-60 ref: 00007FF6AB242402
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6AB242415

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
String ID:
API String ID: 1086289117-0
Opcode ID: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction ID: 0d9b906a6879f95c937a2c3b0b89afc6e3a731d74e6793d681d298f691b8bcba
Opcode Fuzzy Hash: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction Fuzzy Hash: CB215026A5665182EB10DF26E65127C77A0FB4CF88F056537DE4E87A6ECF38D4428311

Function 00007FF8A7BBA660 Relevance: 10.6, APIs: 7, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BB9840: TlsGetValue.KERNEL32 ref: 00007FF8A7BB985D

longjmp.MSVCRT ref: 00007FF8A7BBA69B
TlsGetValue.KERNEL32 ref: 00007FF8A7BBA6A7
CloseHandle.KERNEL32 ref: 00007FF8A7BBA6D3
_endthreadex.MSVCRT ref: 00007FF8A7BBA6EB
CloseHandle.KERNEL32 ref: 00007FF8A7BBA6FD
TlsSetValue.KERNEL32 ref: 00007FF8A7BBA71B
CloseHandle.KERNEL32 ref: 00007FF8A7BBA72E

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction ID: 1f94bfeb0067d5d113a973984400c3f40e2c9b1c630272cbe740e5e4d0195c61
Opcode Fuzzy Hash: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction Fuzzy Hash: 122128B5E0B682A6F7949F11D45877E76A4EF88B84F058135CF4A07790DF3CA846E700

Function 00007FF8A7B0D810 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 40COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B0D85F

Strings

src/libavutil/crc.c, xrefs: 00007FF8A7B0D834, 00007FF8A7B0D894
av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0, xrefs: 00007FF8A7B0D89B
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B0D84B, 00007FF8A7B0D8AB
av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0, xrefs: 00007FF8A7B0D83B

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-3869419772
Opcode ID: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction ID: a4307d0a12ede7c84bcbc29f8dfb3df8eac36cfb958976f7ff60b15eeb11f0b9
Opcode Fuzzy Hash: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction Fuzzy Hash: 9B1152B1E0A646E1E710AF11E8052FE6B54EF88384FC04535DA4C5A6A1DE3CE107E714

Function 00007FF8A7B28E40 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 136stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B28F33

Strings

%d:%02d.%06d, xrefs: 00007FF8A7B28EE2
INT64_MAX, xrefs: 00007FF8A7B2901B
%lld:%02d:%02d.%06d, xrefs: 00007FF8A7B28FE4
%d.%06d, xrefs: 00007FF8A7B2907B
INT64_MIN, xrefs: 00007FF8A7B29056

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen
String ID: %d.%06d$%d:%02d.%06d$%lld:%02d:%02d.%06d$INT64_MAX$INT64_MIN
API String ID: 39653677-2240581584
Opcode ID: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction ID: 40cdca495520b50ea011a6f6555bd60f0a9ecb97200ff0108e4aeff21b3fde3f
Opcode Fuzzy Hash: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction Fuzzy Hash: 52417DF1B1B78915EF34DF2668052BD5682DB98BC0FC88532DE1D577D9DE3CA102A280

Function 00007FF8BFB862D0 Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON

Download Yara Rule

APIs

__unDName.LIBVCRUNTIME ref: 00007FF8BFB86326
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB86369
strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8BFB86393
InterlockedPushEntrySList.KERNEL32 ref: 00007FF8BFB863B0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB863BC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB863C5

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
String ID:
API String ID: 3741236498-0
Opcode ID: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction ID: 249528ff6a78341969894b47dafc18f895e69e16cdd8170a2934eea86c48cd1c
Opcode Fuzzy Hash: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction Fuzzy Hash: 2031C721B1975191EB11DF6EA8045696395FF89FD4F554539DF2D03391EE3DD842C300

Function 00007FF8A7B08250 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 196stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B0828B
strftime.MSVCRT ref: 00007FF8A7B0832A

Strings

[truncated strftime output], xrefs: 00007FF8A7B0840E, 00007FF8A7B08421, 00007FF8A7B084F1

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftimestrlen
String ID: [truncated strftime output]
API String ID: 1668665056-4273287863
Opcode ID: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction ID: 0cb1b1ba905479b75bbd9bad74f275fa5f710d279f7714a3deef6f41fb1f820c
Opcode Fuzzy Hash: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction Fuzzy Hash: 747102B2B066515AE714DE29D88863D3391EB887D4F558235DE1A93BD0EE3CED03E300

Function 00007FF8BFB838A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 189COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

EncodePointer.KERNEL32 ref: 00007FF8BFB83918
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8BFB83963
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83B91

Strings

MOC, xrefs: 00007FF8BFB8392C
RCC, xrefs: 00007FF8BFB83934

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction ID: 63e9f83e9745564b36c61e2f7a5fdbdb6dc08a974d6ae15da47fa6655f2275af
Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction Fuzzy Hash: 5D916F73A087958AE750CFA9E4802AD7BA0F7847C8F14412AEF8D17756DF38D1A5C700

Function 00007FF8A7B213C0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8A7B215FB
_aligned_free.MSVCRT ref: 00007FF8A7B21633

Strings

Picture size %ux%u is invalid, xrefs: 00007FF8A7B21649
Formats with a palette require a minimum alignment of 4, xrefs: 00007FF8A7B21604

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freememset
String ID: Formats with a palette require a minimum alignment of 4$Picture size %ux%u is invalid
API String ID: 4139559148-2772728507
Opcode ID: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction ID: 09e9fbfc9c7dd164d1bdf95a9cd5626d7266ed24a40f567786a42ca0999ca063
Opcode Fuzzy Hash: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction Fuzzy Hash: 246137B2B0B68656EB048F15D81477E6692FF85BD4F848231EE4D877E9DE3CE4029780

Function 00007FF8A7B41850 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B41AF8

Part of subcall function 00007FF8A7BBAF60: CreateEventA.KERNEL32 ref: 00007FF8A7BBAFE2
Part of subcall function 00007FF8A7BBAF60: Sleep.KERNEL32 ref: 00007FF8A7BBAFF7

Strings

nb_threads >= 0, xrefs: 00007FF8A7B41AD4
src/libavutil/slicethread.c, xrefs: 00007FF8A7B41ACD
j, xrefs: 00007FF8A7B41AEB
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B41AE4

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleepabort
String ID: Assertion %s failed at %s:%d$j$nb_threads >= 0$src/libavutil/slicethread.c
API String ID: 723382662-4085466978
Opcode ID: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction ID: 209ec89000311ea3fc0628d17598c8b9646559f0cf5d2d8fdaacd3e74b6c369c
Opcode Fuzzy Hash: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction Fuzzy Hash: BD717CB2A0A786A6E724AF12E5403AE73A2FB847C4F448131DF8D47795DF3CE412A741

Function 00007FF8BFB8BB70 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BC50

Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175

Strings

std::nullptr_t, xrefs: 00007FF8BFB8BDF1
volatile , xrefs: 00007FF8BFB8BBD3, 00007FF8BFB8BD21
volatile, xrefs: 00007FF8BFB8BBE2, 00007FF8BFB8BD30
std::nullptr_t , xrefs: 00007FF8BFB8BDC5

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
API String ID: 2943138195-757766384
Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction ID: cfd1ac9df379a15da2fe8860f10ebb50dc7aaee042009b7310938672b75bc096
Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction Fuzzy Hash: 6F716872A08A4694EB148FACD9411BC67A5BB857C4F44C539DB4E07BAADF3CE650C700

Function 00007FF8BFB63660 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB63693
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB6369E
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB6386F
av_log.AVUTIL-58 ref: 00007FF8BFB638CE

Strings

Requested noise shaping dither not available at this sampling rate, using triangular hp dither, xrefs: 00007FF8BFB638BF

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_get_packed_sample_fmt$av_get_bytes_per_sampleav_log
String ID: Requested noise shaping dither not available at this sampling rate, using triangular hp dither
API String ID: 3201340904-3665241142
Opcode ID: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction ID: f68d18d4486c553c6b5f79ba28ab711b040937992fa552a0d29443b33e99b788
Opcode Fuzzy Hash: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction Fuzzy Hash: 89612533E18A8659E752CB7C89417B9F395BF597C4F088332DB0E66390EF6DA4A5C600

Function 00007FF8BFB83690 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

EncodePointer.KERNEL32 ref: 00007FF8BFB836DC
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8BFB8372B
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8389F

Strings

MOC, xrefs: 00007FF8BFB836F0
RCC, xrefs: 00007FF8BFB836F9

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction ID: 2acbb592e27071bed484ddf7126a03528cd763ea83e5ac7af000430b36879a92
Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction Fuzzy Hash: 2D613777A08A858AE724CFA9D4807AD77A0FB84BC8F184125EF4D13B5ADF38E465C700

Function 00007FF8BFB63000 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8BFB630A0
_errno.MSVCRT ref: 00007FF8BFB630F0

Strings

exp, xrefs: 00007FF8BFB630C6, 00007FF8BFB6310B, 00007FF8BFB63145

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction ID: 6daacfd21e1c04d6320fff3906ecd900d432ae7e1316f0ea02a4b46d2eab533d
Opcode Fuzzy Hash: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction Fuzzy Hash: 8851FC53D0CA85A2E7025F78D81227BB320FF95384F54D325EB8D31696FF1DE5949A40

Function 00007FF8A7BAD620 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BAD6C0
_errno.MSVCRT ref: 00007FF8A7BAD710

Strings

exp, xrefs: 00007FF8A7BAD6E6, 00007FF8A7BAD72B, 00007FF8A7BAD765

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction ID: edf39ac248ad08fbbe68144bdfe8125605e33d7438843e98108c741819bd690a
Opcode Fuzzy Hash: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction Fuzzy Hash: F651EBA2D0DA8592E7026F34E81127F6320FFD6384F50D335EA8D3455AFF1DA9969A40

Function 00007FF8A7B09750 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

src/libavutil/buffer.c, xrefs: 00007FF8A7B098C9
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B098E6
pool->alloc || pool->alloc2, xrefs: 00007FF8A7B098D0

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$pool->alloc || pool->alloc2$src/libavutil/buffer.c
API String ID: 0-4265094632
Opcode ID: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction ID: d66d4131b73a1d88c6622bc11f1ca53b092f99bdf6ba7e29a4576d9109192994
Opcode Fuzzy Hash: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction Fuzzy Hash: 1C5148B2606B4595EB559F11E84876E33A8FB88BC8F554135DE8D17390DF3CE846D380

Function 00007FF8A7B26510 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B266C3

Strings

duration >= 0, xrefs: 00007FF8A7B266D7
in_ts != ((int64_t)0x8000000000000000ULL), xrefs: 00007FF8A7B266A7
src/libavutil/mathematics.c, xrefs: 00007FF8A7B26698, 00007FF8A7B266C8
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B266B3

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$duration >= 0$in_ts != ((int64_t)0x8000000000000000ULL)$src/libavutil/mathematics.c
API String ID: 4206212132-3367517387
Opcode ID: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction ID: f78ac9a2fd924cdcd8af8a32ce0a766e68998dc7f905e7fef04c601f68c95855
Opcode Fuzzy Hash: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction Fuzzy Hash: 3E4126B270BB8590EB20CF41B8406AEA764FB98BC4F844036EE8D47B95DE7CE042D740

Function 00007FF8A7B461E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B462C2

Strings

dual_stride <= basis, xrefs: 00007FF8A7B46321
src/libavutil/tx.c, xrefs: 00007FF8A7B46297, 00007FF8A7B46312
!dual_stride || !(dual_stride & (dual_stride - 1)), xrefs: 00007FF8A7B462A6
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B462B2

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !dual_stride || !(dual_stride & (dual_stride - 1))$Assertion %s failed at %s:%d$dual_stride <= basis$src/libavutil/tx.c
API String ID: 4206212132-1907613106
Opcode ID: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction ID: bc02076d696c34dfb9a43f4c90c05c18fd450e051bbb441a3752d35532ff4c15
Opcode Fuzzy Hash: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction Fuzzy Hash: EF31C7B2A0E685A6E334DF14A4407AE76A0FB483D8F544139EE8D43B95DF3CD446DB01

Function 00007FF8BFB5AEC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

av_log.AVUTIL-58 ref: 00007FF8BFB5AF42
abort.MSVCRT ref: 00007FF8BFB5AF47

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5AF33
src/libswresample/swresample.c, xrefs: 00007FF8BFB5AF1C
s->out_sample_rate == s->in_sample_rate, xrefs: 00007FF8BFB5AF23

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log
String ID: Assertion %s failed at %s:%d$s->out_sample_rate == s->in_sample_rate$src/libswresample/swresample.c
API String ID: 208496458-2566888546
Opcode ID: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction ID: 32398e982eb3367660bff6d0912aebd9e7f87653bbd6ca865867f671309bd87e
Opcode Fuzzy Hash: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction Fuzzy Hash: B4218161E0974289EB258BADD460779B7A4EF84788F584236EB0D967E4DF3CF542CA00

Function 00007FF8A7B2E750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B2E792

Strings

none, xrefs: 00007FF8A7B2E755
ntsc, xrefs: 00007FF8A7B2E76B

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: none$ntsc
API String ID: 1004003707-2486863473
Opcode ID: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction ID: 91d6d007922878295c93add143ff945e78914bb7524d3dd97524cb7bd29ebee8
Opcode Fuzzy Hash: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction Fuzzy Hash: 6611D6F2F0B15165E7219F27E8446BE6794EB447D8F884531EE4C4B3A5DE2CE442E380

Function 00007FF8A7BB9780 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF8A7BB97D6
_ultoa.MSVCRT ref: 00007FF8A7BB97E9
OutputDebugStringA.KERNEL32 ref: 00007FF8A7BB982D
abort.MSVCRT ref: 00007FF8A7BB9833

Strings

Error cleaning up spin_keys for thread , xrefs: 00007FF8A7BB97BE

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cleaning up spin_keys for thread
API String ID: 4191895893-2906507043
Opcode ID: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction ID: 4739b64bc98418201ccfaf6072e86ab71a40faac3251f961b62ba4cbcd9be174
Opcode Fuzzy Hash: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction Fuzzy Hash: BF11BEF2B0A642A9FB608B24A81837D1691EB863E5F944731DF5D467D4DE2CE886D301

Function 00007FF8BFBA2780 Relevance: 7.7, APIs: 5, Instructions: 200synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA2829

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait
String ID:
API String ID: 24740636-0
Opcode ID: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction ID: daeef98b1e4a0dea13996cca45b89344141df54beb5133216d947f545b4ab9b9
Opcode Fuzzy Hash: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction Fuzzy Hash: 93914232A08A8786EB728BADD40037A73A0FF957E4F555231DB5D86AD5EF3CE8418740

Function 00007FF8A7BB78B0 Relevance: 7.7, APIs: 5, Instructions: 180synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8A7BB7957

Part of subcall function 00007FF8A7BB8840: WaitForMultipleObjects.KERNEL32 ref: 00007FF8A7BB88B4

ResetEvent.KERNEL32 ref: 00007FF8A7BB7917
WaitForSingleObject.KERNEL32 ref: 00007FF8A7BB7998

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Wait$ObjectSingle$EventMultipleObjectsReset
String ID:
API String ID: 654736092-0
Opcode ID: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction ID: b07719f1553bda1f068e2c30331fd54a56388891ee2b367a3f45029f2e521d1a
Opcode Fuzzy Hash: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction Fuzzy Hash: C65116B1E0A503B1FAB19A76984537F0291FFD07D8F581532DF8E926D1ED2CE983A201

Function 00007FF8A7BB8970 Relevance: 7.6, APIs: 5, Instructions: 102threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF8A7BB89B0

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction ID: 30d190240dce486820dc1f06f3470e6c5cced1b338d054ba047b0531ab9ff798
Opcode Fuzzy Hash: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction Fuzzy Hash: 8F31D473B0A21296FB568F25994876E2294EF803E0F455535DF4D86680EE3CEC82E381

Function 00007FF8BFB89FA4 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A01D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A03F
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A052
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A089
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A094

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::$Name::operator+
String ID:
API String ID: 826178784-0
Opcode ID: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction ID: 6eeeef95698b76e79f9e3e1f8c2b1d531238d4ed4f12a5ed150b659d478995c4
Opcode Fuzzy Hash: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction Fuzzy Hash: A341CE32B08B56A4EB10CBA8D8811BC77B8BB95BC4B548136EB4D53796DF3CE855C300

Function 00007FF8A7B2A167 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 72stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7B299A4

Strings

false, xrefs: 00007FF8A7B2A180
true, xrefs: 00007FF8A7B2A179
%-15s , xrefs: 00007FF8A7B299B0
auto, xrefs: 00007FF8A7B2A16A

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $auto$false$true
API String ID: 1004003707-1025821387
Opcode ID: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction ID: 95d2f5c974fa00c6deaded3623ceeab92297906c9c96a5818a68e5d19ed30239
Opcode Fuzzy Hash: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction Fuzzy Hash: 183156B1A0B642AAEB61CF11A2013FE2364EF447D1F941032DA8D57A96DF3CF452E780

Function 00007FF8BFB639E6 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A11
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A2C
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A47
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A62
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A81

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_subset
String ID:
API String ID: 2965862492-0
Opcode ID: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction ID: 0fc35d34a2f8b9f48963bf41a44535d5327b8b2e9fb9a6270dcf069bb7a782aa
Opcode Fuzzy Hash: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction Fuzzy Hash: 7F115806F5B302A0FE595AA8844A37DB3D26F847C0F5CA438CB0F0A7C5EE2EE914C650

Function 00007FF8A7BB7400 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7BB7418
ReleaseSemaphore.KERNEL32 ref: 00007FF8A7BB7446
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7453
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7473
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7498

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction ID: 4798bb82619190855251f6c124a67dd6f8dc9d10a687f1a1bb4a4c24b6df7bd3
Opcode Fuzzy Hash: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction Fuzzy Hash: D501F573F0621A52EB458F27BC852699280FF997E6FC49636CE1E42B54DD3C98C39300

Function 00007FF8BFBA5BA0 Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF8BFBA5BAC
OpenProcess.KERNEL32 ref: 00007FF8BFBA5BC0
GetLastError.KERNEL32 ref: 00007FF8BFBA5BCB
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5BE1
CloseHandle.KERNEL32 ref: 00007FF8BFBA5BF7

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$CloseCurrentErrorHandleLastOpen_errno
String ID:
API String ID: 202612177-0
Opcode ID: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction ID: bfc40cacb0e7fc4d1df833ae8ef0ff06eeae33e000e00eff2a1c73e454a41cd7
Opcode Fuzzy Hash: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction Fuzzy Hash: FBF01264F0560747FB295BE998943352391AF48792F845438CB2E86BD0DE6CEDE98710

Function 00007FF8A7B14910 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 306stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B1494B
_aligned_free.MSVCRT ref: 00007FF8A7B14E0E

Strings

Invalid chars '%s' at the end of expression '%s', xrefs: 00007FF8A7B14A7D
d, xrefs: 00007FF8A7B149CB

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freestrlen
String ID: Invalid chars '%s' at the end of expression '%s'$d
API String ID: 1887580107-3215087449
Opcode ID: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction ID: daf89c410589500e9d1ef905154b0594adca1c63a3d6f292cc038cd60a160013
Opcode Fuzzy Hash: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction Fuzzy Hash: 13E139B661AA4691DA10EF1AE4906AE6770FFC5BC0F500032EB8E47BB6DF39D442D740

Function 00007FF8BFB53C60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 204COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8BFB53EFB

Strings

src/libswresample/audioconvert.c, xrefs: 00007FF8BFB53ED0
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB53EE7
ctx->channels == out->ch_count, xrefs: 00007FF8BFB53ED7

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ctx->channels == out->ch_count$src/libswresample/audioconvert.c
API String ID: 4206212132-1145592257
Opcode ID: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction ID: fbeae8640aec95ce604382149e00a276e9fb86dc1260319f59b7ed5ced6edcbc
Opcode Fuzzy Hash: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction Fuzzy Hash: F661E273B1825686EA64CA8AD464B7973A6FF58BC4F498135CF0D07B90EE3CF4518700

Function 00007FF8BFB5AFA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

compensating audio timestamp drift:%f compensation:%d in:%d, xrefs: 00007FF8BFB5B181
Failed to compensate for timestamp delta of %f, xrefs: 00007FF8BFB5B250

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Failed to compensate for timestamp delta of %f$compensating audio timestamp drift:%f compensation:%d in:%d
API String ID: 0-3137371971
Opcode ID: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction ID: 7d518fcee4d4e356ebf2a54387758688e1dcb75ea60347aa2558be36df8dac44
Opcode Fuzzy Hash: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction Fuzzy Hash: F1713922E1979A81EA528F7A5411379A364AF99FC8F0DC332DF0D67394EF3CB5818210

Function 00007FF8BFB84044 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB841C3

Strings

csm, xrefs: 00007FF8BFB84093
, xrefs: 00007FF8BFB84114
csm, xrefs: 00007FF8BFB841FD

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: $csm$csm
API String ID: 4206212132-1512788406
Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction ID: faade396d2b35e33dd69e20979e8f05f9c4a2f9f4108ca993e3d704a9d3d2502
Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction Fuzzy Hash: 1B719D32A08691C6DB689FA994507B97BA1FB95BC8F148136DF8C07A8ACB3CD491C741

Function 00007FF8BFB83E1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83F13
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8BFB83F23

Strings

csm, xrefs: 00007FF8BFB83E66
csm, xrefs: 00007FF8BFB83F75

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Frameabort$EmptyHandler3::StateUnwind
String ID: csm$csm
API String ID: 4108983575-3733052814
Opcode ID: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
Instruction ID: 026dec830c188771ae41d1273138dbca89e8d0415f1fd6593ccf698e119f80a3
Opcode Fuzzy Hash: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
Instruction Fuzzy Hash: 25516C33908682C6EB748F9AA44426977A0FB94BD5F184136DB9D47BD6CF3CE461C740

Function 00007FF8A7B415C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B41747

Strings

src/libavutil/slicethread.c, xrefs: 00007FF8A7B4171C
nb_jobs > 0, xrefs: 00007FF8A7B41723
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B41733

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$nb_jobs > 0$src/libavutil/slicethread.c
API String ID: 4206212132-1031856425
Opcode ID: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction ID: 95fd24701b5e6b0c07271e4ae49f5443f81519ab9121efd8c815390135ffa583
Opcode Fuzzy Hash: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction Fuzzy Hash: 3C41BFB6B46606A6EB25CF1AE80066EB7A1FB84BD8F588135CE4D43664DF38E443D740

Function 00007FF8A7B05FB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B05FC9
strspn.MSVCRT ref: 00007FF8A7B06030
strspn.MSVCRT ref: 00007FF8A7B060B6

Strings

, xrefs: 00007FF8A7B05FEA, 00007FF8A7B060A3

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$strlen
String ID:
API String ID: 697951671-596783616
Opcode ID: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction ID: 5fb0d37d019442e5c2a09c0c29a6592f6aae2f48d6a597f559e9396146ea26eb
Opcode Fuzzy Hash: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction Fuzzy Hash: 5D31C4B1A4F29260EE564F125A6027D5AA2FF05BCCF488471DE5D6B386EE2DF443E300

Function 00007FF8A7B28990 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7B28A4A

Strings

none, xrefs: 00007FF8A7B289B2
Unable to parse option value "%s" as %s, xrefs: 00007FF8A7B28A79
Value %d for parameter '%s' out of %s format range [%d - %d], xrefs: 00007FF8A7B28ADA

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Unable to parse option value "%s" as %s$Value %d for parameter '%s' out of %s format range [%d - %d]$none
API String ID: 76114499-2908652078
Opcode ID: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction ID: 845f6b252d1880663a6ff3b7c43106aea19a47fc08e6c0032eacfac602809987
Opcode Fuzzy Hash: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction Fuzzy Hash: B9312AB2B0FA8665E7A1CF25680067E7252EB867E4F908331ED5D536D4DF3CE4829780

Function 00007FF8BFB8A714 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A778

Strings

%lf, xrefs: 00007FF8BFB8A7BE

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::
String ID: %lf
API String ID: 1333004437-2891890143
Opcode ID: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction ID: d2aa59a95ba348ae2eb96ea084b58970d97aa0de1da66ed5d38dfff3fa423e91
Opcode Fuzzy Hash: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction Fuzzy Hash: 2131A43690CA8595EB20CFA8E85127AB765FBC9BC4F448235EB9E47646DF3CE501C740

Function 00007FF6AB242990 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

avformat_new_stream.AVFORMAT-60(?,?,?,00007FF6AB2412F1), ref: 00007FF6AB2429AD
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF6AB2412F1), ref: 00007FF6AB2429C0
fprintf.MSPDB140-MSVCRT ref: 00007FF6AB2429D3

Part of subcall function 00007FF6AB242320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6AB2429D8,?,?,?,00007FF6AB2412F1), ref: 00007FF6AB242357

Strings

Couldn't create stream for encoder '%s', xrefs: 00007FF6AB2429C9

Memory Dump Source

Source File: 0000000B.00000002.2238921075.00007FF6AB241000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6AB240000, based on PE: true

Associated: 0000000B.00000002.2238894813.00007FF6AB240000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238957985.00007FF6AB245000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2238984071.00007FF6AB246000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2239020574.00007FF6AB249000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6ab240000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintfavformat_new_streamfprintf
String ID: Couldn't create stream for encoder '%s'
API String ID: 306180413-3485626053
Opcode ID: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
Instruction ID: 600d4e4d2e185d851915b2dc76e31de1e559762656229824b75c8cdb578414f7
Opcode Fuzzy Hash: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
Instruction Fuzzy Hash: 29F01D36A1AB8181EA44CB17F551069B7A0FB8CBD0B489036EE5D47B6DDF3CD551CB00

Function 00007FF8A7B1D880 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7B1D8AF

Strings

Using CUDA primary device context, xrefs: 00007FF8A7B1D8E0
primary_ctx, xrefs: 00007FF8A7B1D889
Disabling use of CUDA primary device context, xrefs: 00007FF8A7B1D8B8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Disabling use of CUDA primary device context$Using CUDA primary device context$primary_ctx
API String ID: 76114499-1919470267
Opcode ID: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction ID: 336e339dfadf82212a384031a16144921f2d82e3ce6bedf8a63e238f25e4e91e
Opcode Fuzzy Hash: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction Fuzzy Hash: A4F0B4F2F0B20260FA14AF66A4156BD2200EF8A7D1FC09871DD0D8A7E1DD2CA443E300

Function 00007FF8BFB82400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8243E

Strings

MOC, xrefs: 00007FF8BFB82418
csm, xrefs: 00007FF8BFB82420
RCC, xrefs: 00007FF8BFB82410

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate
String ID: MOC$RCC$csm
API String ID: 661698970-2671469338
Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction ID: a0774adaa420c87953666972b9ea45e83bc8bcc30b06e39ebe77d05732468535
Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction Fuzzy Hash: BBF0FF3A91864685EB505FA9E2810693765FBC8B84F099476DB5807653CF3CD890C651

Function 00007FF8A7B09960 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B099A4

Strings

src/libavutil/buffer.c, xrefs: 00007FF8A7B09979
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B09990
buf, xrefs: 00007FF8A7B09980

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$buf$src/libavutil/buffer.c
API String ID: 4206212132-2693306993
Opcode ID: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction ID: a92a1373516e6bbce06f6f4a6f50f714c4215da4f4406ac5e6578ec92090aa3e
Opcode Fuzzy Hash: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction Fuzzy Hash: 23E06DB1A0AA0AA1EE14EF65E4010AD27A0EF887C8FD48537DA4C033B0DF3CE102D704

Function 00007FF8BFB8E9E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FF8BFB8E9F0

Part of subcall function 00007FF8BFB8EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF8BFB8ECF0
Part of subcall function 00007FF8BFB8EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF8BFB8E9F5), ref: 00007FF8BFB8ED3F

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8EA1A

Strings

csm, xrefs: 00007FF8BFB8E9FB
f, xrefs: 00007FF8BFB8E9F5

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
String ID: csm$f
API String ID: 2451123448-629598281
Opcode ID: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
Instruction ID: ffdc250335e1efb96b3420e1bb4df510b76b3db3ecb31a25136871b0e8f01f6d
Opcode Fuzzy Hash: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
Instruction Fuzzy Hash: 28E06D36D1828281EB206BE9B18113D27A5BF95BD4F148039DB4807687CE3CE8A0C641

Function 00007FF8A7B27500 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B2752F

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7B27516
val || !min_size, xrefs: 00007FF8A7B2750F
src/libavutil/mem.c, xrefs: 00007FF8A7B27504

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/mem.c$val || !min_size
API String ID: 4206212132-3343232236
Opcode ID: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction ID: e67a5fd80861583c81382fe881eb19f93231bcee1e6c400907f76e3b54990ef4
Opcode Fuzzy Hash: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction Fuzzy Hash: F7E08CB190BB42A1E710EF50A8002FD3760FF88384F904236D54E57A62DF3CA107D624

Function 00007FF8A7B155A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 12COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B155CF

Strings

src/libavutil/fifo.c, xrefs: 00007FF8A7B155A4
cur_size >= size, xrefs: 00007FF8A7B155AF
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B155B6

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$cur_size >= size$src/libavutil/fifo.c
API String ID: 4206212132-2007657860
Opcode ID: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction ID: 4d94737915bda9d15dedb17a63f3caea28a04e47e9549bce5e6a8452984f2e63
Opcode Fuzzy Hash: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction Fuzzy Hash: 77D012B2A0A946E4E314EF51A8112FD37A1FF4C384F808976D64D42261CF3CD116D704

Function 00007FF8BFB89CC0 Relevance: 6.2, APIs: 4, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89E19
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89E78
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89EAA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89EBA

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction ID: 0f940d71045aad1eb60dda49bd35a46817eb2b419a99c94bcdf52cedb3b94dd1
Opcode Fuzzy Hash: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction Fuzzy Hash: 73915E62E0875699FB118BE8D8413BC3BB1BB94B88F548039DF4E5769ADF7CA845C340

Function 00007FF8BFB8A44C Relevance: 6.1, APIs: 4, Instructions: 134COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A4F1
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A501
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A51E
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A553

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction ID: bc6dc597271701b998f807160e2c15e3beb9fd51ba989bd6daae0876db1a0b44
Opcode Fuzzy Hash: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction Fuzzy Hash: 48517972E18A56A8E710CFA8E8413BC77A5BB85B88F548135DB0E1779ADF3DE481C340

Function 00007FF8BFBA3BE0 Relevance: 6.1, APIs: 4, Instructions: 126synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA3C3E
ResetEvent.KERNEL32 ref: 00007FF8BFBA3C8E
WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA3D0F

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait$EventReset
String ID:
API String ID: 466820088-0
Opcode ID: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction ID: 42864604935c4123fecfc7ea0ce021d9d9ac74849b2da8ac78a119f5f2f991ad
Opcode Fuzzy Hash: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction Fuzzy Hash: FE416D33B08682C2EB55DF69E4402AE73A1EB84BC4F484035EB9D47A99EF3DD955CB40

Function 00007FF8BFB51010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF8BFB5105D
_amsg_exit.MSVCRT ref: 00007FF8BFB51086

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction ID: 2320c2dd9df4a83468906a467fc3053bfd429c3e31bdbaa98591c38f243dd764
Opcode Fuzzy Hash: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction Fuzzy Hash: B0416932F0968295FA528B9EE97127963A5EF887D4F884032DF0C47394DE3CF8819341

Function 00007FF8A7B01010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF8A7B0105D
_amsg_exit.MSVCRT ref: 00007FF8A7B01086

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction ID: de2760dc9e9def9a72ea62c3fe7619af42520ba6af66d61b54312775848019c1
Opcode Fuzzy Hash: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction Fuzzy Hash: AC415FB2E0B54AA5F75A9F16E85027D22A5EF887D4F544032DE4C573A5EE7CE883A300

Function 00007FF8A7B066B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B066D8
strchr.MSVCRT ref: 00007FF8A7B0670F
strlen.MSVCRT ref: 00007FF8A7B067FB

Strings

ALL, xrefs: 00007FF8A7B066F8

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchr
String ID: ALL
API String ID: 3013107155-2914988887
Opcode ID: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction ID: a1eea540a2e54c3806c23cd5952569029c05fff1e6839977f99d96cea425612f
Opcode Fuzzy Hash: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction Fuzzy Hash: 3A3109B7B0B16660FF66CD316A38B7D09A29F457C8F584870CE1967A85DE6C9C87A300

Function 00007FF8BFBA1CF0 Relevance: 6.1, APIs: 4, Instructions: 102threadCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1D5C
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA1DDB
ResumeThread.KERNEL32 ref: 00007FF8BFBA1E0A

Part of subcall function 00007FF8BFBA56D0: CloseHandle.KERNEL32 ref: 00007FF8BFBA5775
Part of subcall function 00007FF8BFBA56D0: CloseHandle.KERNEL32 ref: 00007FF8BFBA5785

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1E42

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandle$ResumeThread_beginthreadexfreemalloc
String ID:
API String ID: 1141387253-0
Opcode ID: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction ID: adb5b4b273f7d4821030ea0aadc3fb8010b88b015c409e41575a7ee180dfe3de
Opcode Fuzzy Hash: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction Fuzzy Hash: E441E232A08B8586E7A18F59E4006AAB3A0FF98BD4F549130EF8D03B54EF3CD951CB40

Function 00007FF8BFBA1AE0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction ID: c5bf6fddf33dbb7d7064e7e14b991c7c636a037742b4ff62255f36f921a75317
Opcode Fuzzy Hash: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction Fuzzy Hash: 10416B76A08B0686EB51DF99A84013973A5FF88BD0B989435CF4D437A4EF3CE856CB00

Function 00007FF8BFBA1790 Relevance: 6.1, APIs: 4, Instructions: 96threadsynchronizationinjectionCOMMON

Download Yara Rule

APIs

SuspendThread.KERNEL32 ref: 00007FF8BFBA1845
WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA1850
ResumeThread.KERNEL32 ref: 00007FF8BFBA188E

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Thread$ObjectResumeSingleSuspendWait
String ID:
API String ID: 879609812-0
Opcode ID: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction ID: 207e47eccf29379d47344cedd6975a44dd94930060bf8835a640f5d4e3620f72
Opcode Fuzzy Hash: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction Fuzzy Hash: 43418032A0858582FB618F69E0413BD73A1FF94B98F549131DB4D47699DF3CE989CB40

Function 00007FF8A7BB6900 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FF8A7BB695A
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BB699A

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction ID: baaed6a3e46f808aedf031f23695d0dffd110e551c92779546c2911c19b124f6
Opcode Fuzzy Hash: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction Fuzzy Hash: 3731BFB2A0D28186E7609F24B42036D7690FBC87C8F548231DFD887BC8DE3DD9829B00

Function 00007FF8BFB8C87C Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C8F7
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C906
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C982
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C991

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction ID: d06f21f864826966cc72f150ea8c4e5e341a0fac5771a52dd55e028f12252c3f
Opcode Fuzzy Hash: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction Fuzzy Hash: 184128B2A08B9589FB02CFA8D8813AC77B0FB94B88F548029DB4D5779ADF7C9541C710

Function 00007FF8A7BBBF60 Relevance: 6.1, APIs: 4, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7BBBF93
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7BBBFF9
_errno.MSVCRT ref: 00007FF8A7BBC056
_errno.MSVCRT ref: 00007FF8A7BBC083

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileSystem_errno
String ID:
API String ID: 3586254970-0
Opcode ID: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction ID: adc7816d75fcb351c5ef4354a61a561e71c3a0a0ebb542207ad66519e4efa032
Opcode Fuzzy Hash: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction Fuzzy Hash: C631C5B3B0A64A97EE548F35EA4017D6291DBD4BD4F5C8231DE1D477E4EE3CE842A200

Function 00007FF8A7B281C0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B2822F
_aligned_malloc.MSVCRT ref: 00007FF8A7B28249
memset.MSVCRT ref: 00007FF8A7B2825C

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free_aligned_mallocmemset
String ID:
API String ID: 881591362-0
Opcode ID: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction ID: d6819c6df7b59a85c0fb8ee133c3f31eed4e1dc12cdf40efb54ef5cc560b0111
Opcode Fuzzy Hash: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction Fuzzy Hash: E521ACB2B0BB4596FB515F55FA0036C63D1EB58BD0F888130CE1D13794EE7C68829300

Function 00007FF8A7BBB1F0 Relevance: 6.1, APIs: 4, Instructions: 69synchronizationCOMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 00007FF8A7BBB221

Part of subcall function 00007FF8A7BB9840: TlsGetValue.KERNEL32 ref: 00007FF8A7BB985D

WaitForSingleObject.KERNEL32 ref: 00007FF8A7BBB27E
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FF8A7B417F6), ref: 00007FF8A7BBB290
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FF8A7B417F6), ref: 00007FF8A7BBB29C

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Handle$Close$InformationObjectSingleValueWait
String ID:
API String ID: 3336430066-0
Opcode ID: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction ID: 2946da823696b1f840e37dbe42b8e6b7640475332531c917e553710e2ae8d63b
Opcode Fuzzy Hash: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction Fuzzy Hash: 342139B2B0B682A4FA519F61D8497BF6694EF847E0F480231DF2D463D0DE2CE846E344

Function 00007FF8A7B32150 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7B32184

Part of subcall function 00007FF8A7B05DA0: strlen.MSVCRT ref: 00007FF8A7B05DF3

strlen.MSVCRT ref: 00007FF8A7B321AC
strcmp.MSVCRT ref: 00007FF8A7B321FC

Part of subcall function 00007FF8A7B066B0: strlen.MSVCRT ref: 00007FF8A7B066D8
Part of subcall function 00007FF8A7B066B0: strchr.MSVCRT ref: 00007FF8A7B0670F

Strings

yuv420p, xrefs: 00007FF8A7B321DA

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrcmp
String ID: yuv420p
API String ID: 3490844034-503634524
Opcode ID: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction ID: 342de25c698751a49bc1a0cfa15202dd6e603d99a4dc0810bafa43d3e8fefd28
Opcode Fuzzy Hash: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction Fuzzy Hash: 4321A1F1E0E68260FF659E21AC11ABD5690EF45BC4F444232CE2D06AD1DE5CE5C7E305

Function 00007FF8A7B105F0 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7B10678
_aligned_free.MSVCRT ref: 00007FF8A7B10682
_aligned_free.MSVCRT ref: 00007FF8A7B1068C
_aligned_free.MSVCRT ref: 00007FF8A7B10697

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction ID: 62c3650a418900e33f629d27de635ec5d584b022a165d2d7ee93383bd018b814
Opcode Fuzzy Hash: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction Fuzzy Hash: F611E7B2B0770212EA55BF09544DA6E129AEF887D0F800639DF0D47392DE389C42D3C8

Function 00007FF8BFBA58A0 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA58C5

Part of subcall function 00007FF8BFBA3E30: TlsSetValue.KERNEL32 ref: 00007FF8BFBA3F19

_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5929
_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA594E

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _endthreadex$Valuefree
String ID:
API String ID: 1763976194-0
Opcode ID: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction ID: 47fe2fb70e0e800a139bacb710e58f88cb4ca6981b3823c4b7be705bb9268eb6
Opcode Fuzzy Hash: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction Fuzzy Hash: F8214F32704B0182DB109F6DE89016D7360FB88BA4B241235DF6E477A5DF3DD999C700

Function 00007FF8BFBA5CF0 Relevance: 6.1, APIs: 4, Instructions: 52sleepCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D3C

Part of subcall function 00007FF8BFBA2F10: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,00000018,00007FF8BFBA25B8), ref: 00007FF8BFBA2FFF

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D54
Sleep.KERNEL32(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D92
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5DA9

Memory Dump Source

Source File: 0000000B.00000002.2248249108.00007FF8BFBA1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2248160576.00007FF8BFBA0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248326454.00007FF8BFBA8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2248408100.00007FF8BFBAC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseEventHandleSleep_errnofree
String ID:
API String ID: 1909294951-0
Opcode ID: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction ID: d21a5c8f228c48364a8c8cd8348019edf7b7281a8ac5ca6738877d04efaca657
Opcode Fuzzy Hash: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction Fuzzy Hash: B3115C31A08A4382EA249FA9E454A7E73A0EF44790F545431DBAE46EE1DF3CE945CB00

Function 00007FF8BFB84710 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF8BFB847E6
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB84844

Strings

csm, xrefs: 00007FF8BFB848EA

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CreateFrameInfo
String ID: csm
API String ID: 2697087660-1018135373
Opcode ID: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction ID: 7bc1cc7452f4d0ac5b83cb7f27a53b20af2dd90039f4fd886a53c17caf4633ad
Opcode Fuzzy Hash: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction Fuzzy Hash: 83514A36A1978186E620AF69E44026E77A5FBC9BD0F140539EF8D07B56CF3CE461CB40

Function 00007FF8BFB89BAC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89CAA

Strings

void , xrefs: 00007FF8BFB89C34
void, xrefs: 00007FF8BFB89C0C

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: void$void
API String ID: 2943138195-3746155364
Opcode ID: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction ID: b0e7cd1ab735b557ffa57511cdee4b5ddc9ad0fff4eb27122e2218c427f3eeb7
Opcode Fuzzy Hash: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction Fuzzy Hash: 38310862E18B5998FB11DBA8D8410FC37B4BB88788F44413AEF4E62B5ADF389144C750

Function 00007FF8BFB62EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8BFB62F3C

Strings

cos, xrefs: 00007FF8BFB62F4A, 00007FF8BFB62F9C

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction ID: 7e227b67f3c167654f82b1fef40e5344e609ae8ff1b8edc2889cbfd83c9fd78a
Opcode Fuzzy Hash: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction Fuzzy Hash: FC21F522D0DA8652FB025F78A44117BB321FFD5344F189235FB8D1569ADF6DE0D08604

Function 00007FF8A7BAD8E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BAD960
_errno.MSVCRT ref: 00007FF8A7BAD9C0

Strings

log, xrefs: 00007FF8A7BAD97C, 00007FF8A7BAD9DC

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: log
API String ID: 2918714741-2403297477
Opcode ID: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction ID: 0cd7905c696c5900a4c95f5b50c7e9ab060de3c9ddd00bc00c834fea55d6dc62
Opcode Fuzzy Hash: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction Fuzzy Hash: B32108B2D1EA4692E702AF34A85027F6725FFD5384F509335EA8D05599DF2DE4829600

Function 00007FF8A7BAD4E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BAD55C

Strings

cos, xrefs: 00007FF8A7BAD56A, 00007FF8A7BAD5BC

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction ID: ef18f279eb37377a5fce83c71efcbbae8c85a6311cfc15e65d946cc024aea1b9
Opcode Fuzzy Hash: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction Fuzzy Hash: 172137B2D1EB8582FB029F38A80027F6361EFD1348F149335FA8915699EF2DE4D29700

Function 00007FF8A7BAE120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7BAE19C

Strings

sin, xrefs: 00007FF8A7BAE1AA, 00007FF8A7BAE1FC

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: sin
API String ID: 2918714741-3083047850
Opcode ID: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction ID: 5069f632859309e71e4e948b3b4dddb6c88cff01c045123f30a4d24dab79f7fd
Opcode Fuzzy Hash: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction Fuzzy Hash: 8E2104B2D0EB8692EB025F34A85127F6720EFD1348F149335FA891569ADF2DE5D29700

Function 00007FF8A7B0FFF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59stringCOMMON

Download Yara Rule

APIs

strftime.MSVCRT ref: 00007FF8A7B10061

Strings

.%06dZ, xrefs: 00007FF8A7B10092
%Y-%m-%dT%H:%M:%S, xrefs: 00007FF8A7B10057

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftime
String ID: %Y-%m-%dT%H:%M:%S$.%06dZ
API String ID: 1100141660-930656424
Opcode ID: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction ID: 20c801adf6aad1e8086cf47746614a61d4efd1f11a5d85556e96f88a136d175a
Opcode Fuzzy Hash: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction Fuzzy Hash: 1F1148A270AA4224EA108F137C009EB5610EB49BF4F885332EE7D5B7C5EE3CE043A300

Function 00007FF8BFB8604F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB863F0: RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
Part of subcall function 00007FF8BFB863F0: RaiseException.KERNEL32 ref: 00007FF8BFB8647A

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB860BF

Strings

Access violation - no RTTI data!, xrefs: 00007FF8BFB8604F
Bad dynamic_cast!, xrefs: 00007FF8BFB86072

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionRaise
String ID: Access violation - no RTTI data!$Bad dynamic_cast!
API String ID: 3685223789-3176238549
Opcode ID: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction ID: 29dc32ae02688151da9f3e6a561be090f9ab8d7562356f82436813cc840d8be2
Opcode Fuzzy Hash: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction Fuzzy Hash: 73017161A29A4691EF409B9CE8915786361FFD07D4F40A431E74E076A7EF6CD905C700

Function 00007FF8BFB63940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63999
av_log.AVUTIL-58 ref: 00007FF8BFB639B0

Strings

Treating %s as mono, xrefs: 00007FF8BFB639A9

Memory Dump Source

Source File: 0000000B.00000002.2247462174.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2247439309.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247561095.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247643449.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247697260.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247757824.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2247781410.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_describeav_log
String ID: Treating %s as mono
API String ID: 2946648090-2429896034
Opcode ID: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction ID: 0301a9c1b45cf4b6ca23f2d46893d14ceee507ddc4e2c5b2ef116dfc78e0445b
Opcode Fuzzy Hash: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction Fuzzy Hash: 3101F46270864560FB51C646F80876BB244B7467C8F848031DE888B381DE3ED08EC700

Function 00007FF8BFB863F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
RaiseException.KERNEL32 ref: 00007FF8BFB8647A

Strings

csm, xrefs: 00007FF8BFB86467

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
Instruction ID: 9607bbd2befaff7524da891084c84affe2e732df437acba98c10ac629ad90ad7
Opcode Fuzzy Hash: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
Instruction Fuzzy Hash: AC111F32618B8182EB518F59F44026977A5FB88BD4F588235DF8D07759DF3DD951C700

Function 00007FF8A7B27870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_aligned_malloc.MSVCRT ref: 00007FF8A7B27898

Strings

Microsoft Primitive Provider, xrefs: 00007FF8A7B27872

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_malloc
String ID: Microsoft Primitive Provider
API String ID: 175129771-4132848957
Opcode ID: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction ID: 22ee7808024b760d0d2e305a989bc88accaad04fdc46cdad8d3ad10ae817eaf5
Opcode Fuzzy Hash: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction Fuzzy Hash: A8F090E1F0B11621FE949A832805AA842819F48BD4D885935DF1C5B785EC3CA883A388

Function 00007FF8A7B0DDB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7B0DEE3

Strings

src/libavutil/crc.c, xrefs: 00007FF8A7B0DEB8
Assertion %s failed at %s:%d, xrefs: 00007FF8A7B0DECF

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/crc.c
API String ID: 4206212132-3600904276
Opcode ID: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction ID: 3b422547cdb42f7e600b50eb80b89967322344657bf4aacf9f202be7531c56b9
Opcode Fuzzy Hash: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction Fuzzy Hash: DFE065F190B646F1EB149F51E4552FE3765EF4C384F808936D74C46361DE3CE2069604

Function 00007FF8A7BB7F10 Relevance: 5.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7BB7F57
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7F81

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction ID: 59a7ebea5c0826d3ea54ffba2a12c7f43133375eda7ae1e9f1b291739cdbdbc5
Opcode Fuzzy Hash: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction Fuzzy Hash: 053162B2A056429AE794CF31D45076E7390FB84BECF588232DE294A788DF3CE846D754

Function 00007FF8A7BB7DD0 Relevance: 5.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7BB7E17
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7BB7E3E

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction ID: 60a54d96f7b87f543ec0e3676b37bc50d3f8ed25d4c2f840dec49bdbe01b5b98
Opcode Fuzzy Hash: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction Fuzzy Hash: A13175B3A092029ADB55CF35D40026D33A5FF84B98F588636DE2D4A788DF3CE846D750

Function 00007FF8BFB8672C Relevance: 5.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF8BFB865B9,?,?,?,?,00007FF8BFB8FB22,?,?,?,?,?), ref: 00007FF8BFB8674B
SetLastError.KERNEL32(?,?,?,00007FF8BFB865B9,?,?,?,?,00007FF8BFB8FB22,?,?,?,?,?), ref: 00007FF8BFB867D4

Memory Dump Source

Source File: 0000000B.00000002.2247922927.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2247845364.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2247975653.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248049488.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2248133369.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction ID: cdae89b67f277437b1621790ef23fdbcaa88c32460ce514c05cfa10dd52901b7
Opcode Fuzzy Hash: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction Fuzzy Hash: AA11E228E0D65682FA5497A9A8641352392AF89BE0F148A3CDF6E077D6DE3CFC51C740

Function 00007FF8A7BB7B90 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7BB6
LeaveCriticalSection.KERNEL32(?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7BDB
EnterCriticalSection.KERNEL32(?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7C0C
LeaveCriticalSection.KERNEL32(?,?,00007FF8A7BB7EA7,?,?,?,?,?,?,?,?,00007FF8A7B41502), ref: 00007FF8A7BB7C16

Memory Dump Source

Source File: 0000000B.00000002.2246582140.00007FF8A7B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8A7B00000, based on PE: true

Associated: 0000000B.00000002.2246558474.00007FF8A7B00000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247013390.00007FF8A7BC5000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247040989.00007FF8A7BC6000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247206897.00007FF8A7D03000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247262637.00007FF8A7D08000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D09000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247292012.00007FF8A7D0C000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2247357738.00007FF8A7D0D000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7b00000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction ID: b5e41f4f5ed8015c6695a2a43a1ae94c9fc2637febc2a4c3c9d76684e867a032
Opcode Fuzzy Hash: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction Fuzzy Hash: 1B01F776B0A65569E525DF23BC40A2E5750FF84FD9F855032DE0E07700CD3DD442A740

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\5c570b.rbs

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_han1tlwj.eeq.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vriwzcc3.0rk.psm1

C:\Users\user\AppData\Local\Temp\msi8676.txt

C:\Users\user\AppData\Local\Temp\pss8679.ps1

C:\Users\user\AppData\Local\Temp\scr8677.ps1

C:\Users\user\AppData\Roaming\Microsoft\Installer\{5B7114EE-00D6-44D7-B716-410C9ADE9DAB}\icon_24.exe

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll

C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll

Windows Analysis Report
setup.msi

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre