Windows Analysis Report
setup.msi

Overview

General Information

Sample name: setup.msi
Analysis ID: 1591980
MD5: fc2fca2711e9ff2c2d5919f4c27cd1a1
SHA1: 1d0a411878f9ebc1c5c7da1b2fe812c295a37cbd
SHA256: 52341adb87a5e79d06901a64002c494e3f431c378193982c30225eab3b136688
Tags: LegionLoader, msi, RobotDropper, staticmaxepress-com, user-aachum
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
AI detected suspicious sample
Bypasses PowerShell execution policy
Potentially malicious time measurement code found
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected AdvancedInstaller

Classification

  • System is w10x64
  • msiexec.exe (PID: 2408 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6460 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2888 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 6552 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 6388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • obs-ffmpeg-mux.exe (PID: 1292 cmdline: "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)
      • conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • createdump.exe (PID: 2164 cmdline: "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)
      • conhost.exe (PID: 3292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_AdvancedInstaller | Yara detected AdvancedInstaller | Joe Security |

    System Summary

    Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2888, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6552, ProcessName: powershell.exe
    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2888, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6552, ProcessName: powershell.exe
    Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2888, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6552, ProcessName: powershell.exe
    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 188.114.96.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2888, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2888, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6552, ProcessName: powershell.exe
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-01-15T16:10:28.604111+0100 | 2829202 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP

    AV Detection

    Source: https://staticmaxepress.com/updater2.php Avira URL Cloud: Label: malware
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 85.5% probability
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8373D77F-FFF1-454F-A9BC-057E48DE9D80}
    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp, createdump.exe, 00000008.00000000.2292812193.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp, obs-ffmpeg-mux.exe, 00000007.00000000.2292786392.00007FF65EE15000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp, createdump.exe, 00000008.00000000.2292812193.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSI778F.tmp.1.dr, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: C:\Windows\System32\msiexec.exe File opened: z:
    Source: C:\Windows\System32\msiexec.exe File opened: x:
    Source: C:\Windows\System32\msiexec.exe File opened: v:
    Source: C:\Windows\System32\msiexec.exe File opened: t:
    Source: C:\Windows\System32\msiexec.exe File opened: r:
    Source: C:\Windows\System32\msiexec.exe File opened: p:
    Source: C:\Windows\System32\msiexec.exe File opened: n:
    Source: C:\Windows\System32\msiexec.exe File opened: l:
    Source: C:\Windows\System32\msiexec.exe File opened: j:
    Source: C:\Windows\System32\msiexec.exe File opened: h:
    Source: C:\Windows\System32\msiexec.exe File opened: f:
    Source: C:\Windows\System32\msiexec.exe File opened: b:
    Source: C:\Windows\System32\msiexec.exe File opened: y:
    Source: C:\Windows\System32\msiexec.exe File opened: w:
    Source: C:\Windows\System32\msiexec.exe File opened: u:
    Source: C:\Windows\System32\msiexec.exe File opened: s:
    Source: C:\Windows\System32\msiexec.exe File opened: q:
    Source: C:\Windows\System32\msiexec.exe File opened: o:
    Source: C:\Windows\System32\msiexec.exe File opened: m:
    Source: C:\Windows\System32\msiexec.exe File opened: k:
    Source: C:\Windows\System32\msiexec.exe File opened: i:
    Source: C:\Windows\System32\msiexec.exe File opened: g:
    Source: C:\Windows\System32\msiexec.exe File opened: e:
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: c:
    Source: C:\Windows\System32\msiexec.exe File opened: a:
    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 4x nop then push rbx7_2_00007FF8A7DD46C0

    Networking

    Source: Network trafficSuricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49704 -> 188.114.96.3:443
    Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficDNS traffic detected: DNS query: staticmaxepress.com
    Source: unknown HTTP traffic detected:
    POST /updater2.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded; charset=utf-8
    User-Agent: AdvancedInstaller
    Host: staticmaxepress.com
    Content-Length: 71
    Cache-Control: no-cache
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
    Source: powershell.exe, 00000004.00000002.2236454578.0000000002BE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: swresample-4.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2295394041.00007FF8A4C7B000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.drString found in binary or memory: http://dashif.org/guidelines/trickmode
    Source: powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, 4c6f16.msi.1.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://ocsp.digicert.com0K
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://ocsp.digicert.com0O
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: http://schemas.mici
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004831000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: obs-ffmpeg-mux.exe, 00000007.00000002.2295394041.00007FF8A4C7B000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.drString found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, 4c6f16.msi.1.drString found in binary or memory: http://www.digicert.com/CPS0
    Source: obs-ffmpeg-mux.exe, 00000007.00000002.2298547245.00007FF8A6E50000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.videolan.org/x264.html
    Source: zlib.dll.1.drString found in binary or memory: http://www.zlib.net/D
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004831000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
    Source: powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 00000004.00000002.2237085575.0000000004EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
    Source: powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: https://staticmaxepress.com/updater2.phpx
    Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://streams.videolan.org/upload/
    Source: setup.msi, 4c6f16.msi.1.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4c6f13.msi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI778F.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI77FE.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI783D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI786D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI78AD.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI790B.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI793B.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9715.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{8373D77F-FFF1-454F-A9BC-057E48DE9D80}
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9D30.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9D31.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4c6f16.msi
    Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI778F.tmp
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe | Code function: String function: 00007FF8A7D756C0 appears 288 times
    Source: avcodec-60.dll.1.dr | Static PE information: Number of sections : 13 > 10
    Source: avutil-58.dll.1.dr | Static PE information: Number of sections : 12 > 10
    Source: swresample-4.dll.1.dr | Static PE information: Number of sections : 12 > 10
    Source: swscale-7.dll.1.dr | Static PE information: Number of sections : 12 > 10
    Source: zlib.dll.1.dr | Static PE information: Number of sections : 12 > 10
    Source: avformat-60.dll.1.dr | Static PE information: Number of sections : 12 > 10
    Source: api-ms-win-core-handle-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
    Source: setup.msi | Binary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameDataUploader.dllF vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameucrtbase.dllj% vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenamemsvcp140.dllT vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs setup.msi
    Source: setup.msi | Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs setup.msi
    Source: classification engine | Classification label: mal76.evad.winMSI@13/88@1/1
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\CMLA6CD.tmp
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6020:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3292:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6388:120:WilError_03
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\TEMP\~DFF3C7A797E5A0F76F.TMP
    Source: C:\Windows\SysWOW64\msiexec.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
    Source: obs-ffmpeg-mux.exe | String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
    Source: obs-ffmpeg-mux.exe | String found in binary or memory: #EXT-X-START:
    Source: obs-ffmpeg-mux.exe | String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
    Source: obs-ffmpeg-mux.exe | String found in binary or memory: start/stop audio
    Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
    Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F
    Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe"
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: atlthunk.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: obs.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avcodec-60.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avutil-58.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: avformat-60.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: w32-pthreads.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: swresample-4.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: dbgcore.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8373D77F-FFF1-454F-A9BC-057E48DE9D80}Jump to behavior
    Source: setup.msiStatic file information: File size 60619566 > 1048576
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp, createdump.exe, 00000008.00000000.2292812193.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp, obs-ffmpeg-mux.exe, 00000007.00000000.2292786392.00007FF65EE15000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp, createdump.exe, 00000008.00000000.2292812193.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: setup.msi, 4c6f16.msi.1.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSI778F.tmp.1.dr, 4c6f16.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 4c6f16.msi.1.dr
    Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FF8A7D6ED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,7_2_00007FF8A7D6ED32
    Source: vcruntime140.dll.1.drStatic PE information: section name: _RDATA
    Source: BCUninstaller.exe.1.drStatic PE information: section name: _RDATA
    Source: createdump.exe.1.drStatic PE information: section name: _RDATA
    Source: UnRar.exe.1.drStatic PE information: section name: _RDATA
    Source: avformat-60.dll.1.drStatic PE information: section name: .xdata
    Source: avutil-58.dll.1.drStatic PE information: section name: .xdata
    Source: swresample-4.dll.1.drStatic PE information: section name: .xdata
    Source: swscale-7.dll.1.drStatic PE information: section name: .xdata
    Source: zlib.dll.1.drStatic PE information: section name: .xdata
    Source: avcodec-60.dll.1.drStatic PE information: section name: .rodata
    Source: avcodec-60.dll.1.drStatic PE information: section name: .xdata
    Source: MSI9D31.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI778F.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI77FE.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI783D.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI786D.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI78AD.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI790B.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI793B.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI9715.tmp.1.drStatic PE information: section name: .fptable
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_068BBD76 push esp; ret 4_2_068BBD93
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avformat-60.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\w32-pthreads.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9715.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI793B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI783D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avutil-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI78AD.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9D31.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI786D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avcodec-60.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI790B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI77FE.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swresample-4.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI778F.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exeCode function: 7_2_00007FF8A7D6B840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,7_2_00007FF8A7D6B840
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8A7D82D90 rdtsc
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2735
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1859
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started:
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dll
    • C:\Windows\Installer\MSI78AD.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dll
    • C:\Windows\Installer\MSI9715.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dll
    • C:\Windows\Installer\MSI793B.tmp
    • C:\Windows\Installer\MSI9D31.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dll
    • C:\Windows\Installer\MSI783D.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dll
    • C:\Windows\Installer\MSI786D.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dll
    • C:\Windows\Installer\MSI790B.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dll
    • C:\Windows\Installer\MSI77FE.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe
    • C:\Windows\Installer\MSI778F.tmp
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dll
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe
    • C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe API coverage: 8.2 %
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6480 Thread sleep count: 2735 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3712 Thread sleep count: 1859 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 768 Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: 4c6f16.msi.1.dr Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: obs-ffmpeg-mux.exe, 00000007.00000002.2298547245.00007FF8A6A3A000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Video @
    Source: obs-ffmpeg-mux.exe, 00000007.00000002.2298547245.00007FF8A6A3A000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8A7D82D90 Start: 00007FF8A7D8300F End: 00007FF8A7D82E85
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8A7D82D90 rdtsc
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF65EE13C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8A7D6ED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF65EE13E04 SetUnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF65EE13774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF65EE13C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8BFAB6CBC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8BFAB6710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe Code function: 8_2_00007FF71BAA2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe Code function: 8_2_00007FF71BAA3074 SetUnhandledExceptionFilter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe Code function: 8_2_00007FF71BAA2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss9de7.ps1" -propfile "c:\users\user\appdata\local\temp\msi9dd4.txt" -scriptfile "c:\users\user\appdata\local\temp\scr9dd5.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr9dd6.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF65EE13B40 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
    Source: C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe Code function: 7_2_00007FF8A7DF9720 GetTimeZoneInformation,GetSystemTimeAsFileTime
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 21 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 11 Peripheral Device Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
    [Figure: Behavior Graph. ID: 1591980, Sample: setup.msi, Startdate: 15/01/2025, Architecture: WINDOWS, Score: 76]

    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avcodec-60.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avformat-60.dll | 3% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\avutil-58.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\msvcp140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swresample-4.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\swscale-7.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\w32-pthreads.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\zlib.dll | 0% | ReversingLabs
    C:\Windows\Installer\MSI778F.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI77FE.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI783D.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI786D.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI78AD.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI790B.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI793B.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI9715.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI9D31.tmp | 0% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://staticmaxepress.com/updater2.php | 100% | Avira URL Cloud | malware
    https://staticmaxepress.com/updater2.phpx | 0% | Avira URL Cloud | safe
    http://schemas.mici | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    staticmaxepress.com | 188.114.96.3 | true | true | | unknown

    Name | Malicious | Antivirus Detection | Reputation
    https://staticmaxepress.com/updater2.php | true | Avira URL Cloud: malware | unknown

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://nuget.org/NuGet.exe | powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://crl.micro | powershell.exe, 00000004.00000002.2236454578.0000000002BE2000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://pesterbdd.com/images/Pester.png | powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://streams.videolan.org/upload/ | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp | false | | high
    https://aka.ms/pscore6lB | powershell.exe, 00000004.00000002.2237085575.0000000004831000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.zlib.net/D | zlib.dll.1.dr | false | | high
    https://go.micro | powershell.exe, 00000004.00000002.2237085575.0000000004EF2000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.videolan.org/x264.html | obs-ffmpeg-mux.exe, 00000007.00000002.2298547245.00007FF8A6E50000.00000002.00000001.01000000.00000008.sdmp | false | | high
    https://contoso.com/ | powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://nuget.org/nuget.exe | powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://contoso.com/License | powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://dashif.org/guidelines/trickmode | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 00000007.00000002.2295394041.00007FF8A4C7B000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr | false | | high
    https://contoso.com/Icon | powershell.exe, 00000004.00000002.2239446716.0000000005898000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd | obs-ffmpeg-mux.exe, 00000007.00000002.2295394041.00007FF8A4C7B000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr | false | | high
    http://schemas.mici | setup.msi, 4c6f16.msi.1.dr | false | Avira URL Cloud: safe | unknown
    https://aka.ms/winui2/webview2download/Reload(): | setup.msi, 4c6f16.msi.1.dr | false | | high
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000004.00000002.2237085575.0000000004831000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://github.com/Pester/Pester | powershell.exe, 00000004.00000002.2237085575.0000000004987000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://staticmaxepress.com/updater2.phpx | setup.msi, 4c6f16.msi.1.dr | false | Avira URL Cloud: safe | unknown

    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    188.114.96.3 | staticmaxepress.com | European Union | | 13335 | CLOUDFLARENETUS | true

                                          Joe Sandbox version:42.0.0 Malachite
                                          Analysis ID:1591980
                                          Start date and time:2025-01-15 16:09:20 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 7m 31s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:12
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:setup.msi
                                          Detection:MAL
                                          Classification:mal76.evad.winMSI@13/88@1/1
                                          EGA Information:
                                          • Successful, ratio: 33.3%
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 14
                                          • Number of non-executed functions: 214
                                          Cookbook Comments:
                                          • Found application associated with file extension: .msi
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                          • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target obs-ffmpeg-mux.exe, PID 1292 because there are no executed function
                                          • Execution Graph export aborted for target powershell.exe, PID 6552 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information

    Time | Type | Description
    10:10:29 | API Interceptor | 4x Sleep call for process: powershell.exe modified

    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    staticmaxepress.com | Setup.msi | malicious | Unknown | 172.67.162.17
    staticmaxepress.com | setup.msi | malicious | Unknown | 172.67.162.17
    staticmaxepress.com | Setup.msi | malicious | Unknown | 104.21.34.147
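
    Match | Associated Sample Name / URL | Detection | Threat Name
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | K064a7Rfk7.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | u1XWB0BIju.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\UnRar.exe | 6a7e35.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | K064a7Rfk7.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | u1XWB0BIju.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | Setup.msi | malicious | Unknown
    C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\BCUninstaller.exe | 6a7e35.msi | malicious | Unknown
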
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):19799
                                                                                  Entropy (8bit):5.833355000167904
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:XYl2sOat1wdvHEJV/tmlkkm+mN/Cit8G4Dv2ejnxZ4UnrcoWVj9CUNGRf8w/8wsT:XQ2sOat1wdvHEJV/tmlkkm+mN/Cit8GF
                                                                                  MD5:B8529E4CE051D9BFA054755FCFE56A4B
                                                                                  SHA1:8825FAF2500813976F77CADB5C0AFB2461AA5B8C
                                                                                  SHA-256:5F930F52A0E11259B2A19E346A02122C7252C0DD94C0CDBECF72F112D92ACA2B
                                                                                  SHA-512:12AEF9C1B4C27F1C028C1C3E72EF9C5EF27E3B6624513BA9285FD94EC817E4366683A10EE94E328F137FA682BB92C6B9FCFD90A6C68A416D8F6DFF2D0584C173
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1360
                                                                                  Entropy (8bit):5.415059038751397
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:3Uyt3WSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NK3R82r+SVbR:ky9WSU4xymI4RfoUeW+mZ9tK8NWR82jD
                                                                                  MD5:FD6EFA8F14C5DC6D31919F10350E7E37
                                                                                  SHA1:19C81E14CD96499CA522E985EF49006061DDE189
                                                                                  SHA-256:9BCB3D1FF78418525F66B02DAD61C5A09975BF673C27EBD9EAB7AF1B3CACBCBE
                                                                                  SHA-512:EF44DB604F1990F96A422C4937D87CFA31C0793BC1E5B03EABFD464480633EACBB286A7DD31EE3250DCAC55585DC7E55EB4E504D44973A4E66D7A3AC13E4D0EA
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):100
                                                                                  Entropy (8bit):3.0073551160284637
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
                                                                                  MD5:7A131AC8F407D08D1649D8B66D73C3B0
                                                                                  SHA1:D93E1B78B1289FB51E791E524162D69D19753F22
                                                                                  SHA-256:9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
                                                                                  SHA-512:47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
                                                                                  Malicious:true
                                                                                   Preview:QuiteSes :<->:  <<:>> ExtendExpire :<->: 0 <<:>>
                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):6668
                                                                                  Entropy (8bit):3.5127462716425657
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
                                                                                  MD5:30C30EF2CB47E35101D13402B5661179
                                                                                  SHA1:25696B2AAB86A9233F19017539E2DD83B2F75D4E
                                                                                  SHA-256:53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
                                                                                  SHA-512:882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
                                                                                  Malicious:true
                                                                                   Preview:param(
                                                                                     [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath
                                                                                    ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator
                                                                                    ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator
                                                                                    ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath
                                                                                    ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath
                                                                                    ,[Parameter(Mandatory=$true)]
                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):262
                                                                                  Entropy (8bit):3.5081452196908582
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Q9kVk79idK3fOlFowlzS+KiV6wk4rMTlP1LlG7JidK3falnUOn03AnfYBB:Q9k4KvowBNdk4rMTQNeFUr3hB
                                                                                  MD5:25A91A8E49BFEDD214CFF0E00B272D8B
                                                                                  SHA1:54E1BE147BB8B7E4F4FBC0A5FC705F5DC055E18B
                                                                                  SHA-256:F9FA463780F3A22FE9F1F3AA276457EB855A3214B0F9C67416987BB08456FCE1
                                                                                  SHA-512:E96FB585D29D4F431E125628D2EE0EAB82B852C9F4C55C4BE0F391EF876FFFF12C59366A8176D7BB7FC115F6FBA89CAD13EE03BFFDB76BCE4ABF414AEC08B429
                                                                                  Malicious:true
                                                                                   Preview:$segoije = AI_GetMsiProperty "QuiteSes"
                                                                                   $qopijiw = [uint32]($segoije -replace 't', '')
                                                                                   AI_SetMsiProperty "ExtendExpire" $qopijiw
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):310928
                                                                                  Entropy (8bit):6.001677789306043
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
                                                                                  MD5:147B71C906F421AC77F534821F80A0C6
                                                                                  SHA1:3381128CA482A62333E20D0293FDA50DC5893323
                                                                                  SHA-256:7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
                                                                                  SHA-512:2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                   • Filename: K064a7Rfk7.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: u1XWB0BIju.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: 6a7e35.msi, Detection: malicious
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):506008
                                                                                  Entropy (8bit):6.4284173495366845
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                                                                  MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                                                  SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                                                                  SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                                                                  SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                   • Filename: K064a7Rfk7.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: u1XWB0BIju.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: setup.msi, Detection: malicious
                                                                                   • Filename: Setup.msi, Detection: malicious
                                                                                   • Filename: 6a7e35.msi, Detection: malicious
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12224
                                                                                  Entropy (8bit):6.596101286914553
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                                                                  MD5:919E653868A3D9F0C9865941573025DF
                                                                                  SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                                                                  SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                                                                  SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12224
                                                                                  Entropy (8bit):6.640081558424349
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                                                                  MD5:7676560D0E9BC1EE9502D2F920D2892F
                                                                                  SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                                                                  SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                                                                  SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11712
                                                                                  Entropy (8bit):6.6023398138369505
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                                                                  MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                                                                  SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                                                                  SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                                                                  SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.614262942006268
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                                                                  MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                                                                  SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                                                                  SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                                                                  SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.654155040985372
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                                                                                  MD5:94788729C9E7B9C888F4E323A27AB548
                                                                                  SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                                                                  SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                                                                  SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):15304
                                                                                  Entropy (8bit):6.548897063441128
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                                                                                  MD5:580D9EA2308FC2D2D2054A79EA63227C
                                                                                  SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                                                                  SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                                                                  SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11712
                                                                                  Entropy (8bit):6.622041192039296
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                                                                                  MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                                                                  SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                                                                  SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                                                                  SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.730719514840594
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                                                                                  MD5:3BF4406DE02AA148F460E5D709F4F67D
                                                                                  SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                                                                  SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                                                                  SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.626458901834476
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                                                                                  MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                                                                  SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                                                                  SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                                                                  SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12232
                                                                                  Entropy (8bit):6.577869728469469
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                                                                                  MD5:3A4B6B36470BAD66621542F6D0D153AB
                                                                                  SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                                                                  SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                                                                  SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11712
                                                                                  Entropy (8bit):6.6496318655699795
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                                                                                  MD5:A038716D7BBD490378B26642C0C18E94
                                                                                  SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                                                                  SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                                                                  SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12736
                                                                                  Entropy (8bit):6.587452239016064
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                                                                                  MD5:D75144FCB3897425A855A270331E38C9
                                                                                  SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                                                                  SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                                                                  SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):14280
                                                                                  Entropy (8bit):6.658205945107734
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                                                                                  MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                                                                  SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                                                                  SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                                                                  SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12224
                                                                                  Entropy (8bit):6.621310788423453
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                                                                                  MD5:808F1CB8F155E871A33D85510A360E9E
                                                                                  SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                                                                  SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                                                                  SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.7263193693903345
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                                                                                  MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                                                                  SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                                                                  SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                                                                  SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12744
                                                                                  Entropy (8bit):6.601327134572443
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                                                                  MD5:F43286B695326FC0C20704F0EEBFDEA6
                                                                                  SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                                                                  SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                                                                  SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):14272
                                                                                  Entropy (8bit):6.519411559704781
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                                                                  MD5:E173F3AB46096482C4361378F6DCB261
                                                                                  SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                                                                  SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                                                                  SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12232
                                                                                  Entropy (8bit):6.659079053710614
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                                                                  MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                                                                  SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                                                                  SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                                                                  SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11200
                                                                                  Entropy (8bit):6.7627840671368835
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                                                                  MD5:0233F97324AAAA048F705D999244BC71
                                                                                  SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                                                                  SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                                                                  SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12224
                                                                                  Entropy (8bit):6.590253878523919
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                                                                  MD5:E1BA66696901CF9B456559861F92786E
                                                                                  SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                                                                  SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                                                                  SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.672720452347989
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                                                                  MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                                                                  SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                                                                  SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                                                                  SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):13760
                                                                                  Entropy (8bit):6.575688560984027
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                                                                  MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                                                                  SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                                                                  SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                                                                  SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12232
                                                                                  Entropy (8bit):6.70261983917014
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                                                                  MD5:D175430EFF058838CEE2E334951F6C9C
                                                                                  SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                                                                  SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                                                                  SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12744
                                                                                  Entropy (8bit):6.599515320379107
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                                                                  MD5:9D43B5E3C7C529425EDF1183511C29E4
                                                                                  SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                                                                  SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                                                                  SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12232
                                                                                  Entropy (8bit):6.690164913578267
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                                                                  MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                                                                  SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                                                                  SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                                                                  SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11720
                                                                                  Entropy (8bit):6.615761482304143
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
                                                                                  MD5:735636096B86B761DA49EF26A1C7F779
                                                                                  SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                                                                  SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                                                                  SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12744
                                                                                  Entropy (8bit):6.627282858694643
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
                                                                                  MD5:031DC390780AC08F498E82A5604EF1EB
                                                                                  SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                                                                  SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                                                                  SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):15816
                                                                                  Entropy (8bit):6.435326465651674
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
                                                                                  MD5:285DCD72D73559678CFD3ED39F81DDAD
                                                                                  SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                                                                  SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                                                                  SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12232
                                                                                  Entropy (8bit):6.5874576656353145
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
                                                                                  MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                                                                  SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                                                                  SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                                                                  SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):13768
                                                                                  Entropy (8bit):6.645869978118917
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
                                                                                  MD5:41FBBB054AF69F0141E8FC7480D7F122
                                                                                  SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                                                                  SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                                                                  SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):37333152
                                                                                  Entropy (8bit):6.632921864082428
                                                                                  Encrypted:false
                                                                                  SSDEEP:393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
                                                                                  MD5:32F56F3E644C4AC8C258022C93E62765
                                                                                  SHA1:06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
                                                                                  SHA-256:85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
                                                                                  SHA-512:CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):5100112
                                                                                  Entropy (8bit):6.374242928276845
                                                                                  Encrypted:false
                                                                                  SSDEEP:49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
                                                                                  MD5:01589E66D46ABCD9ACB739DA4B542CE4
                                                                                  SHA1:6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
                                                                                  SHA-256:9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
                                                                                  SHA-512:0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1089600
                                                                                  Entropy (8bit):6.535744457220272
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
                                                                                  MD5:3AAF57892F2D66F4A4F0575C6194F0F8
                                                                                  SHA1:D65C9143603940EDE756D7363AB6750F6B45AB4E
                                                                                  SHA-256:9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
                                                                                  SHA-512:A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):57488
                                                                                  Entropy (8bit):6.382541157520703
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
                                                                                  MD5:71F796B486C7FAF25B9B16233A7CE0CD
                                                                                  SHA1:21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
                                                                                  SHA-256:B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
                                                                                  SHA-512:A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:RAR archive data, v5
                                                                                  Category:dropped
                                                                                  Size (bytes):435406
                                                                                  Entropy (8bit):7.999546729128828
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:nQmsP8s0SJf70d8P60PVjZmzhs//6yZqcB3PkGGaB:tsPNzz0mP6kBR8FaB
                                                                                  MD5:85AE2F49E50D3860B37A5E8148AE16C9
                                                                                  SHA1:49A99D1F2D58E0F60DDF30DBC2CC66ADCA083983
                                                                                  SHA-256:7B3C3AA6007296BA00C55F9242F0F79D3F20B087766A3BB0FD66DD2D629FA73D
                                                                                  SHA-512:D124BDEDE1B4FE7347B6B5CD6145308F2A4905ECF4BF2288A5057DDA0666F96DE16AFFC8DDDE2C8B914273E8D6D44B9602B992682CB53BEB6A08B7AD2BF666EB
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):566704
                                                                                  Entropy (8bit):6.494428734965787
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
                                                                                  MD5:6DA7F4530EDB350CF9D967D969CCECF8
                                                                                  SHA1:3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
                                                                                  SHA-256:9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
                                                                                  SHA-512:1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):35656
                                                                                  Entropy (8bit):6.370522595411868
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
                                                                                  MD5:D3CAC4D7B35BACAE314F48C374452D71
                                                                                  SHA1:95D2980786BC36FEC50733B9843FDE9EAB081918
                                                                                  SHA-256:4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
                                                                                  SHA-512:21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):22
                                                                                  Entropy (8bit):3.879664004902594
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:mKDDlR+7H6U:hOD6U
                                                                                  MD5:D9324699E54DC12B3B207C7433E1711C
                                                                                  SHA1:864EB0A68C2979DCFF624118C9C0618FF76FA76C
                                                                                  SHA-256:EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
                                                                                  SHA-512:E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
                                                                                  Malicious:false
                                                                                  Preview:@echo off..Start "" %1
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):158968
                                                                                  Entropy (8bit):6.4238235663554955
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
                                                                                  MD5:7FB892E2AC9FF6981B6411FF1F932556
                                                                                  SHA1:861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
                                                                                  SHA-256:A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
                                                                                  SHA-512:986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):707200
                                                                                  Entropy (8bit):6.610520126248797
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
                                                                                  MD5:1144E36E0F8F739DB55A7CF9D4E21E1B
                                                                                  SHA1:9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
                                                                                  SHA-256:65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
                                                                                  SHA-512:A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):12124160
                                                                                  Entropy (8bit):4.1175508751036585
                                                                                  Encrypted:false
                                                                                  SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                                                                  MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                                                                  SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                                                                  SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                                                                  SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                                                                  Malicious:false
                                                                                  Preview:[binary data omitted] Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925 [binary data omitted]
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Java jmod module version 1.0
                                                                                  Category:dropped
                                                                                  Size (bytes):51389
                                                                                  Entropy (8bit):7.916683616123071
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                                                                  MD5:8F4C0388762CD566EAE3261FF8E55D14
                                                                                  SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                                                                  SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                                                                  SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                                                                  Malicious:false
                                                                                  Preview:JM..PK [compressed data omitted]; readable entry names: classes/module-info.class, classes/java/awt/datatransfer/Clipboard.class
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Java jmod module version 1.0
                                                                                  Category:dropped
                                                                                  Size (bytes):41127
                                                                                  Entropy (8bit):7.961466748192397
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
                                                                                  MD5:D039093C051B1D555C8F9B245B3D7FA0
                                                                                  SHA1:C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
                                                                                  SHA-256:4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
                                                                                  SHA-512:334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
                                                                                  Malicious:false
                                                                                  Preview:JM..PK [compressed data omitted]; readable entry names: classes/module-info.class, classes/java/lang/instrument/ClassDefinition.class, classes/java/lang/instrument/ClassFileTransformer.class
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Java jmod module version 1.0
                                                                                  Category:dropped
                                                                                  Size (bytes):113725
                                                                                  Entropy (8bit):7.928841651831531
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
                                                                                  MD5:3A03EF8F05A2D0472AE865D9457DAB32
                                                                                  SHA1:7204170A08115A16A50D5A06C3DE7B0ADB6113B1
                                                                                  SHA-256:584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
                                                                                  SHA-512:1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
                                                                                  Malicious:false
                                                                                  Preview:JM..PK [compressed data omitted]; readable entry names: classes/module-info.class, classes/java/util/logging/ConsoleHandler.class
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Java jmod module version 1.0
                                                                                  Category:dropped
                                                                                  Size (bytes):896846
                                                                                  Entropy (8bit):7.923431656723031
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
                                                                                  MD5:C6FBB7D49CAA027010C2A817D80CA77C
                                                                                  SHA1:4191E275E1154271ABF1E54E85A4FF94F59E7223
                                                                                  SHA-256:1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
                                                                                  SHA-512:FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
                                                                                  Malicious:false
                                                                                  Preview:JM..PK [compressed data omitted]; readable entry names: classes/module-info.class, classes/com/sun/jmx/defaults/JmxProperties.class
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):639224
                                                                                  Entropy (8bit):6.219852228773659
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
                                                                                  MD5:01DACEA3CBE5F2557D0816FC64FAE363
                                                                                  SHA1:566064A9CB1E33DB10681189A45B105CDD504FD4
                                                                                  SHA-256:B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
                                                                                  SHA-512:C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):98224
                                                                                  Entropy (8bit):6.452201564717313
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                                  MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                                  SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                                  SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                                  SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):37256
                                                                                  Entropy (8bit):6.297533243519742
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                                                  MD5:135359D350F72AD4BF716B764D39E749
                                                                                  SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                                                  SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                                                  SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):53576
                                                                                  Entropy (8bit):6.371750593889357
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
                                                                                  MD5:E1EEBD44F9F4B52229D6E54155876056
                                                                                  SHA1:052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
                                                                                  SHA-256:D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
                                                                                  SHA-512:235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):144200
                                                                                  Entropy (8bit):6.592048391646652
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
                                                                                  MD5:3A0DBC5701D20AA87BE5680111A47662
                                                                                  SHA1:BC581374CA1EBE8565DB182AC75FB37413220F03
                                                                                  SHA-256:D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
                                                                                  SHA-512:4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:MS Windows icon resource - 5 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel
                                                                                  Category:dropped
                                                                                  Size (bytes):74814
                                                                                  Entropy (8bit):4.222546221932802
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:ZjEycsRokXVkGKlrBRRRR/ur/f4C2+27g6Do:ZNcs/VkhlYf4CffG
                                                                                  MD5:32BC544E3EB5F62017DDB0E8E22F3048
                                                                                  SHA1:4CAB98A7CABD3C9D6FC99AD1E4663BC06C7D73CF
                                                                                  SHA-256:FAF4A3D5669725D2059158A4039BB03E0A599685C61794687E14D21F3F271132
                                                                                  SHA-512:294AACF59822FE78C0E6D3178988E313A3E42BE997162C77581E9BE334F926881F10A955AA337549CE5889DFA51AB188767521C3B23AD27276EDC1F97FD7D8D1
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {B33EC93A-7963-48BA-BFFE-FA8E09A16C9E}, Number of Words: 10, Subject: Joas App, Author: Barsoc Quite Sols, Name of Creating Application: Joas App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Joas App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Jan 15 12:32:58 2025, Last Saved Time/Date: Wed Jan 15 12:32:58 2025, Last Printed: Wed Jan 15 12:32:58 2025, Number of Pages: 450
                                                                                  Category:dropped
                                                                                  Size (bytes):60619566
                                                                                  Entropy (8bit):7.217281824722856
                                                                                  Encrypted:false
                                                                                  SSDEEP:786432:RQ2wxVmrjV7eIAte6OTZeoh7Dam7q6Zy8GVZnBXfj4h/:RQRVmrjV7eIv6OTZecaIqiy8KBXfj4N
                                                                                  MD5:FC2FCA2711E9FF2C2D5919F4C27CD1A1
                                                                                  SHA1:1D0A411878F9EBC1C5C7DA1B2FE812C295A37CBD
                                                                                  SHA-256:52341ADB87A5E79D06901A64002C494E3F431C378193982C30225EAB3B136688
                                                                                  SHA-512:1867D1B64970FFC23505BDD9BEC9F6F6E62E2EE6079C3905881C4BDEC3EDC1655E5F34C54A54C527EEDAB3A42C4B512843C07D6F4374A90C86BC532641F300FA
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1021792
                                                                                  Entropy (8bit):6.608727172078022
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                  MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                  SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                  SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                  SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1201504
                                                                                  Entropy (8bit):6.4557937684843365
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
                                                                                  MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                                                  SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                                                  SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                                                  SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):380520
                                                                                  Entropy (8bit):6.512348002260683
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
                                                                                  MD5:FFDAACB43C074A8CB9A608C612D7540B
                                                                                  SHA1:8F054A7F77853DE365A7763D93933660E6E1A890
                                                                                  SHA-256:7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
                                                                                  SHA-512:A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):93971
                                                                                  Entropy (8bit):4.974083109842262
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:nYdIq+Jgw9WTDYx7jEycsRokXVkGKlrBRRRR/ur/f4C2+27g6DoM2i5:n+Iq+JL9WTDYZNcs/VkhlYf4CffG2g
                                                                                  MD5:7D66AFF56B6CC752FB663E406CD64A86
                                                                                  SHA1:8F892F387F037D4AF37115A1D5AEF15469E17EB9
                                                                                  SHA-256:1737598DFB2EFC6E368E54C9531B6CD474A3CEC40B2FDA0990A896A73FF749C4
                                                                                  SHA-512:905229BFB8309EEF2821DE6C1173AC8E2A176178E27D75221DCA5994A5C1A8E3840D45965D96859AF6D4B13383BFA6BDA44EA4F98EC8D21CABAED3C6D6A525C8
                                                                                  Malicious:false
                                                                                  Preview:...@IXOS.@.....@OQ/Z.@.....@.....@.....@.....@.....@......&.{8373D77F-FFF1-454F-A9BC-057E48DE9D80}..Joas App..setup.msi.@.....@.....@.....@......icon_31.exe..&.{B33EC93A-7963-48BA-BFFE-FA8E09A16C9E}.....@.....@.....@.....@.......@.....@.....@.......@......Joas App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@2....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F};.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}/.21:\Software\Barsoc Quite Sols\Joas App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}D.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}K.C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\vcruntime140.dll.@.......@.....@.....@......&.{FDDB96EE-847D-4B25-85B1
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):787808
                                                                                  Entropy (8bit):6.693392695195763
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
                                                                                  MD5:8CF47242B5DF6A7F6D2D7AF9CC3A7921
                                                                                  SHA1:B51595A8A113CF889B0D1DD4B04DF16B3E18F318
                                                                                  SHA-256:CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
                                                                                  SHA-512:748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):1.1614929551120123
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:JSbX72FjumSAGiLIlHVRpMh/7777777777777777777777777vDHFicp3Xl0i8Q:JqQI5cEe6F
                                                                                  MD5:CA02326FD7C446453CB8D9142D8751F0
                                                                                  SHA1:74B1129C0E52A920B9C7AD96E1923378B41C76F8
                                                                                  SHA-256:1FB7AC98160947348EAFA593DE1C360531D70A56BE8166286C90D47F4711EF1A
                                                                                  SHA-512:AC1F4BC34FFC5CC7A35FDA2BFC198E145F1C6B0193439A9870B2C69C3015112C1FF800458D7425CF9CF05D6DD40DF4F1968EF04C3E64BF6EFC082224A18D7B22
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):1.5682489936742412
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:v8Ph4uRc06WXJ8nT5zCSMoAErCyqS9bXwSETa3:uh41fnTo5wCBiXwe
                                                                                  MD5:CADE4849E392AE787489E42234A3821F
                                                                                  SHA1:F6BE40E1E81FE9A708EBF5FFCE0199B0304955FC
                                                                                  SHA-256:CA4608925D13A1587320B49A56BA6351BE81F19DFC6856B1AD38202068E755E8
                                                                                  SHA-512:16C743A9064D3A37800DAEB72374B3BDE48668F47A006BD45F4AAFD2EFFAB0287135329F0EA61595579A2E9A983533F7253479894FBCA7E1F588799780393F46
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):364484
                                                                                  Entropy (8bit):5.365492501184466
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauK:zTtbmkExhMJCIpE5
                                                                                  MD5:B683F7A239C476001D1DEC18B2508E5A
                                                                                  SHA1:478E8A2325D05074CB1B00E6B1892A406980C79D
                                                                                  SHA-256:A8B0A1219A456BBB86607B17DE34C3DD17DC4359EDBD6A67ED456FD477AA928B
                                                                                  SHA-512:ADC18FCEFB4F584879052DF043143C85285DE49BA7C34075C15638C8ADBD69164CFD451B5F446495EA4BB7ECC47FBD4652853C0AA6ABF4FFEA3FC47AE0DB20B0
                                                                                  Malicious:false
                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):1.256281733167795
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uVwuuBM+CFXJTT5EdCSMoAErCyqS9bXwSETa3:CwfgrTuI5wCBiXwe
                                                                                  MD5:CCF8DC327F312C4A53E989E8654C6420
                                                                                  SHA1:D099EA246A0269D30F2945297D668791077A98E4
                                                                                  SHA-256:A53DD59CBB12A8CF3AD6A261F463AB579ADE9A5C73F631E2766799EAB3F061C0
                                                                                  SHA-512:17A3340CAD1CCA8F55B0C71A2B2E835BF84843E8F8065D56BBA4488291BF292D6AAB9C6594D643A2BF2FAA15E72F0F9B5BA9FB63D7DF2C9901A3B359FF7C5B4F
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):1.5682489936742412
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:v8Ph4uRc06WXJ8nT5zCSMoAErCyqS9bXwSETa3:uh41fnTo5wCBiXwe
                                                                                  MD5:CADE4849E392AE787489E42234A3821F
                                                                                  SHA1:F6BE40E1E81FE9A708EBF5FFCE0199B0304955FC
                                                                                  SHA-256:CA4608925D13A1587320B49A56BA6351BE81F19DFC6856B1AD38202068E755E8
                                                                                  SHA-512:16C743A9064D3A37800DAEB72374B3BDE48668F47A006BD45F4AAFD2EFFAB0287135329F0EA61595579A2E9A983533F7253479894FBCA7E1F588799780393F46
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):0.06882939355479753
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOiCCyVky6l3X:2F0i8n0itFzDHFi93X
                                                                                  MD5:49F97E52053066B2F3B6BCD8A148B449
                                                                                  SHA1:FD6007DCEA122716BCFBAF0CB2E8B67D94E378A9
                                                                                  SHA-256:352D053743AF56D446FCE63190ED623EC097EDFEBB59C8DE12EF8F468ADB6747
                                                                                  SHA-512:15C974523A7EC6F947AF9BAE30C3A6EAF99C6DF91D57277DC6749F5AB4765720BF60B37AA78E9B05A2A82DD824E82B822F727AD448C9D808F71010019E1F1E11
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):1.256281733167795
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uVwuuBM+CFXJTT5EdCSMoAErCyqS9bXwSETa3:CwfgrTuI5wCBiXwe
                                                                                  MD5:CCF8DC327F312C4A53E989E8654C6420
                                                                                  SHA1:D099EA246A0269D30F2945297D668791077A98E4
                                                                                  SHA-256:A53DD59CBB12A8CF3AD6A261F463AB579ADE9A5C73F631E2766799EAB3F061C0
                                                                                  SHA-512:17A3340CAD1CCA8F55B0C71A2B2E835BF84843E8F8065D56BBA4488291BF292D6AAB9C6594D643A2BF2FAA15E72F0F9B5BA9FB63D7DF2C9901A3B359FF7C5B4F
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):20480
                                                                                  Entropy (8bit):1.5682489936742412
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:v8Ph4uRc06WXJ8nT5zCSMoAErCyqS9bXwSETa3:uh41fnTo5wCBiXwe
                                                                                  MD5:CADE4849E392AE787489E42234A3821F
                                                                                  SHA1:F6BE40E1E81FE9A708EBF5FFCE0199B0304955FC
                                                                                  SHA-256:CA4608925D13A1587320B49A56BA6351BE81F19DFC6856B1AD38202068E755E8
                                                                                  SHA-512:16C743A9064D3A37800DAEB72374B3BDE48668F47A006BD45F4AAFD2EFFAB0287135329F0EA61595579A2E9A983533F7253479894FBCA7E1F588799780393F46
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):512
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                  Category:dropped
                                                                                  Size (bytes):32768
                                                                                  Entropy (8bit):1.256281733167795
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uVwuuBM+CFXJTT5EdCSMoAErCyqS9bXwSETa3:CwfgrTuI5wCBiXwe
                                                                                  MD5:CCF8DC327F312C4A53E989E8654C6420
                                                                                  SHA1:D099EA246A0269D30F2945297D668791077A98E4
                                                                                  SHA-256:A53DD59CBB12A8CF3AD6A261F463AB579ADE9A5C73F631E2766799EAB3F061C0
                                                                                  SHA-512:17A3340CAD1CCA8F55B0C71A2B2E835BF84843E8F8065D56BBA4488291BF292D6AAB9C6594D643A2BF2FAA15E72F0F9B5BA9FB63D7DF2C9901A3B359FF7C5B4F
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):73728
                                                                                  Entropy (8bit):0.13865103930815698
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:VPJZRvTx0VipV0703MoAEV0yjCyqipV0sVQwGcr808U+j:t3JTQS5MoAErCyqS9bXVU
                                                                                  MD5:C67C4220A28BF83A20926DB0D4A0BA2B
                                                                                  SHA1:1BD88B229DD4C6B2A1C4033790706F8B0039AA5F
                                                                                  SHA-256:F4B5771AA92A4A15CA0E9CC058FC17CA85C84F94F1FAA0A579C9DF66B6EEA7C3
                                                                                  SHA-512:BFBD0ADD6DB85F2CA5E518B0E9A00F8E7A8549CA6E39E180C7792537E665AA4D18C91E6EE8FA5F194D7B74890A4535D117DC9C422A5230611B87742FE3079C9F
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):638
                                                                                  Entropy (8bit):4.751962275036146
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
                                                                                  MD5:15CA959638E74EEC47E0830B90D0696E
                                                                                  SHA1:E836936738DCB6C551B6B76054F834CFB8CC53E5
                                                                                  SHA-256:57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
                                                                                  SHA-512:101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
                                                                                  Malicious:false
                                                                                  Preview:[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...
                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {B33EC93A-7963-48BA-BFFE-FA8E09A16C9E}, Number of Words: 10, Subject: Joas App, Author: Barsoc Quite Sols, Name of Creating Application: Joas App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Joas App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Jan 15 12:32:58 2025, Last Saved Time/Date: Wed Jan 15 12:32:58 2025, Last Printed: Wed Jan 15 12:32:58 2025, Number of Pages: 450
                                                                                  Entropy (8bit):7.217281824722856
                                                                                  TrID:
                                                                                  • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                                                  File name:setup.msi
                                                                                  File size:60'619'566 bytes
                                                                                  MD5:fc2fca2711e9ff2c2d5919f4c27cd1a1
                                                                                  SHA1:1d0a411878f9ebc1c5c7da1b2fe812c295a37cbd
                                                                                  SHA256:52341adb87a5e79d06901a64002c494e3f431c378193982c30225eab3b136688
                                                                                  SHA512:1867d1b64970ffc23505bdd9bec9f6f6e62e2ee6079c3905881c4bdec3edc1655e5f34c54a54c527eedab3a42c4b512843c07d6f4374a90c86bc532641f300fa
                                                                                  SSDEEP:786432:RQ2wxVmrjV7eIAte6OTZeoh7Dam7q6Zy8GVZnBXfj4h/:RQRVmrjV7eIv6OTZecaIqiy8KBXfj4N
                                                                                  TLSH:A8D76C01B3FA4148F2F75E717EBA45A594BABD521B30C0EF1244A60E1B72BC25BB1763
                                                                                  Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-15T16:10:28.604111+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 16:10:27.844758987 CET | 59783 | 53 | 192.168.2.5 | 1.1.1.1
Jan 15, 2025 16:10:28.084088087 CET | 53 | 59783 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 16:10:27.844758987 CET | 192.168.2.5 | 1.1.1.1 | 0x453 | Standard query (0) | staticmaxepress.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 16:10:28.084088087 CET | 1.1.1.1 | 192.168.2.5 | 0x453 | No error (0) | staticmaxepress.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 16:10:28.084088087 CET | 1.1.1.1 | 192.168.2.5 | 0x453 | No error (0) | staticmaxepress.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                                                  • staticmaxepress.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | 2888 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 15:10:28 UTC | 198 | OUT | POST /updater2.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                                                  User-Agent: AdvancedInstaller
                                                                                  Host: staticmaxepress.com
                                                                                  Content-Length: 71
                                                                                  Cache-Control: no-cache
2025-01-15 15:10:28 UTC | 71 | OUT | Data Raw: 44 61 74 65 3d 31 35 25 32 46 30 31 25 32 46 32 30 32 35 26 54 69 6d 65 3d 31 30 25 33 41 31 30 25 33 41 32 36 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 39 2e 31 2e 34 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65
                                                                                  Data Ascii: Date=15%2F01%2F2025&Time=10%3A10%3A26&BuildVersion=9.1.4&SoroqVins=True
2025-01-15 15:10:29 UTC | 835 | IN | HTTP/1.1 500 Internal Server Error
                                                                                  Date: Wed, 15 Jan 2025 15:10:28 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Cache-Control: no-store
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SKgE22i8dsrPP4DPHsscSsepLBm2CwZBevhaf64OjIbOd0sGKtaHCHoXV0GMfgfq8z9vEo%2BnZ%2F%2BpnMrCMyLmydI1umCfZKwHUHrvNPecoumVQMAgPGbj%2BK06quRJGGgwrcNNmUKa"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 9026caf51dbe43d3-EWR
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1583&rtt_var=608&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=929&delivery_rate=1779402&cwnd=238&unsent_bytes=0&cid=0cf53c5f53d647c9&ts=463&x=0"
2025-01-15 15:10:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0



                                                                                  Target ID:0
                                                                                  Start time:10:10:16
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
                                                                                  Imagebase:0x7ff6fe830000
                                                                                  File size:69'632 bytes
                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:1
                                                                                  Start time:10:10:16
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                  Imagebase:0x7ff6fe830000
                                                                                  File size:69'632 bytes
                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:3
                                                                                  Start time:10:10:18
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B91CBCAFE99AE17FCB8B82C57B495F0F
                                                                                  Imagebase:0x5d0000
                                                                                  File size:59'904 bytes
                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:10:10:28
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss9DE7.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi9DD4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr9DD5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr9DD6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                                  Imagebase:0x90000
                                                                                  File size:433'152 bytes
                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:10:10:28
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff6d64d0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:7
                                                                                  Start time:10:10:35
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\obs-ffmpeg-mux.exe"
                                                                                  Imagebase:0x7ff65ee10000
                                                                                  File size:35'656 bytes
                                                                                  MD5 hash:D3CAC4D7B35BACAE314F48C374452D71
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Antivirus matches:
                                                                                  • Detection: 0%, ReversingLabs
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:10:10:35
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Barsoc Quite Sols\Joas App\createdump.exe"
                                                                                  Imagebase:0x7ff71baa0000
                                                                                  File size:57'488 bytes
                                                                                  MD5 hash:71F796B486C7FAF25B9B16233A7CE0CD
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Antivirus matches:
                                                                                  • Detection: 0%, ReversingLabs
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:10:10:35
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff6d64d0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:10
                                                                                  Start time:10:10:35
                                                                                  Start date:15/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff6d64d0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $p$$p$$p
                                                                                    • API String ID: 0-4193490398
                                                                                    • Opcode ID: 937548983778792c3be2d6177882a21aa394ac5bdb7d65b2d9659069cb86e9de
                                                                                    • Instruction ID: 7431eab8f07da5e9fbab98ea5ca11572b4865667ef12ee7109fa1e768cb01793
                                                                                    • Opcode Fuzzy Hash: 937548983778792c3be2d6177882a21aa394ac5bdb7d65b2d9659069cb86e9de
                                                                                    • Instruction Fuzzy Hash: 7C6118B270821A9FEB259F68E4406BA7BE6AF85310F19807AE549CB251DB31CD40C7A1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $p$$p
                                                                                    • API String ID: 0-580715581
                                                                                    • Opcode ID: ee36cc0e474816e26d133ff271fe6fca08fa6fb7f251b132e548b2eda0d2d4e7
                                                                                    • Instruction ID: 2f37f7397c95f5dd6c028449334aba5b51017ab08cf2bc642d4670dea4195379
                                                                                    • Opcode Fuzzy Hash: ee36cc0e474816e26d133ff271fe6fca08fa6fb7f251b132e548b2eda0d2d4e7
                                                                                    • Instruction Fuzzy Hash: EA31CEF2A0420EDFEB24CF25E5807A9B7F6AF41210F1A80A6E44D8B151E375DD84CB91
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 84Uk$84Uk$tPp$tPp$tPp$tPp$$p$$p$$p$$p$Mk$Mk
                                                                                    • API String ID: 0-2547966830
                                                                                    • Opcode ID: 9be5e86f6f9cf25aeff3e8c31969a534997758e4ad193283393534ab2a6d03a3
                                                                                    • Instruction ID: aee47021ff05acfe30b95fb90a60b232f169891c2e3ea2d0b6a65ac1e043f8a2
                                                                                    • Opcode Fuzzy Hash: 9be5e86f6f9cf25aeff3e8c31969a534997758e4ad193283393534ab2a6d03a3
                                                                                    • Instruction Fuzzy Hash: C2815CB37083559FE7218768E81066ABFE6AFC5320F1980ABD549CB351CB71DC41C7A2
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4'p$4'p$$p$$p$$p$$p$$p$$p
                                                                                    • API String ID: 0-2834719986
                                                                                    • Opcode ID: 35193240542b415a884a8de20094d19128c1d26469c320da88a4220e2692700c
                                                                                    • Instruction ID: dac17b8440474f6b4fec7e6ba5a7c243983c87d64b96af5d40a8b55b7942680a
                                                                                    • Opcode Fuzzy Hash: 35193240542b415a884a8de20094d19128c1d26469c320da88a4220e2692700c
                                                                                    • Instruction Fuzzy Hash: 815125B3704206CFFB284A29E4406AABBA6EFD5A20F24806BD55D87251DB32CC51C7A1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4'p$4'p$4'p$4'p$$p$$p
                                                                                    • API String ID: 0-724797342
                                                                                    • Opcode ID: 27cea1ea8e0071f772853c7ba6242cdd5d2d8ecff98afeb5b1cc6de86f6c9cbd
                                                                                    • Instruction ID: c149139d222bf702354aba13724fbc6f3db8a143462ee192c7edb5f97fbebdf4
                                                                                    • Opcode Fuzzy Hash: 27cea1ea8e0071f772853c7ba6242cdd5d2d8ecff98afeb5b1cc6de86f6c9cbd
                                                                                    • Instruction Fuzzy Hash: 2E215EF370C7524FE72E113874215B96BA35FD2A60B2D40ABC489DB346DF658C028793
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2241984424.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_73d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4Tk$4Tk$$p$$p$$p
                                                                                    • API String ID: 0-421947537
                                                                                    • Opcode ID: fabe661acea9719a8b5a9d424a59b5997065c9abe26fdab06916b954097059b2
                                                                                    • Instruction ID: 05446c7caffb6561244912ef965a99e22cec5ba654f846e2201065f1d9e3104c
                                                                                    • Opcode Fuzzy Hash: fabe661acea9719a8b5a9d424a59b5997065c9abe26fdab06916b954097059b2
                                                                                    • Instruction Fuzzy Hash: 5A11D5F23142069BE6285579F8507BBAACA9BC5A51F24803EE559C6282DF75CC018372
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressProc$Library$_aligned_free$ByteCharFreeHandleLoadModuleMultiWidefree$_errnocalloc
                                                                                    • String ID: Cannot load %s$Cannot load optional %s$Loaded lib: %s$Loaded sym: %s$SetDefaultDllDirectories$cuArray3DCreate_v2$cuArrayCreate_v2$cuArrayDestroy$cuCtxCreate_v2$cuCtxDestroy_v2$cuCtxGetDevice$cuCtxPopCurrent_v2$cuCtxPushCurrent_v2$cuCtxSetLimit$cuD3D11GetDevice$cuD3D11GetDevices$cuDestroyExternalMemory$cuDestroyExternalSemaphore$cuDeviceComputeCapability$cuDeviceGet$cuDeviceGetAttribute$cuDeviceGetCount$cuDeviceGetName$cuDeviceGetUuid$cuDevicePrimaryCtxGetState$cuDevicePrimaryCtxRelease$cuDevicePrimaryCtxReset$cuDevicePrimaryCtxRetain$cuDevicePrimaryCtxSetFlags$cuEGLStreamConsumerDisconnect$cuEGLStreamProducerConnect$cuEGLStreamProducerDisconnect$cuEGLStreamProducerPresentFrame$cuEGLStreamProducerReturnFrame$cuEventCreate$cuEventDestroy_v2$cuEventQuery$cuEventRecord$cuEventSynchronize$cuExternalMemoryGetMappedBuffer$cuExternalMemoryGetMappedMipmappedArray$cuGLGetDevices_v2$cuGetErrorName$cuGetErrorString$cuGraphicsD3D11RegisterResource$cuGraphicsGLRegisterImage$cuGraphicsMapResources$cuGraphicsResourceGetMappedPointer_v2$cuGraphicsSubResourceGetMappedArray$cuGraphicsUnmapResources$cuGraphicsUnregisterResource$cuImportExternalMemory$cuImportExternalSemaphore$cuInit$cuLaunchKernel$cuLinkAddData$cuLinkComplete$cuLinkCreate$cuLinkDestroy$cuMemAllocManaged$cuMemAllocPitch_v2$cuMemAlloc_v2$cuMemFree_v2$cuMemcpy$cuMemcpy2DAsync_v2$cuMemcpy2D_v2$cuMemcpyAsync$cuMemcpyDtoDAsync_v2$cuMemcpyDtoD_v2$cuMemcpyDtoHAsync_v2$cuMemcpyDtoH_v2$cuMemcpyHtoDAsync_v2$cuMemcpyHtoD_v2$cuMemsetD8Async$cuMipmappedArrayDestroy$cuMipmappedArrayGetLevel$cuModuleGetFunction$cuModuleGetGlobal$cuModuleLoadData$cuModuleUnload$cuSignalExternalSemaphoresAsync$cuStreamAddCallback$cuStreamCreate$cuStreamDestroy_v2$cuStreamQuery$cuStreamSynchronize$cuTexObjectCreate$cuTexObjectDestroy$cuWaitExternalSemaphoresAsync$kernel32.dll$nvcuda.dll
                                                                                    • API String ID: 3405737670-3447704524
                                                                                    • Opcode ID: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
                                                                                    • Instruction ID: 1341b2ee6c015f463db0d471f253f65acdd73e7ea1e50d6dfacd8d0f2a624bf9
                                                                                    • Opcode Fuzzy Hash: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
                                                                                    • Instruction Fuzzy Hash: EED21731A1BA47A0EA41EF20E8612ED2395EF94BC4F844532E91D4B3A9DE3CF515E391
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressProc$ByteCharMultiWide_aligned_free$LibraryLoad$DesktopWindow_errno$atoi
                                                                                    • String ID: &$DXVA2CreateDirect3DDeviceManager9$Direct3DCreate9$Direct3DCreate9Ex$Failed to bind Direct3D device to device manager$Failed to create Direct3D device$Failed to create Direct3D device manager$Failed to create IDirect3D object$Failed to load D3D9 library$Failed to load DXVA2 library$Failed to locate DXVA2CreateDirect3DDeviceManager9$Failed to locate Direct3DCreate9$Failed to open device handle$SetDefaultDllDirectories$Using D3D9Ex device.$d3d9.dll$dxva2.dll$kernel32.dll
                                                                                    • API String ID: 1760633067-2418308259
                                                                                    • Opcode ID: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
                                                                                    • Instruction ID: 30c3ac21540d95e4003d1fe1a5976fa0b0042d2a3ca559b36e5c1c7a975163e4
                                                                                    • Opcode Fuzzy Hash: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
                                                                                    • Instruction Fuzzy Hash: 62528E31A0AB82A2EB50DF11E4143AE67A0FF88BD4F448636D99D4B7D9DF7CE504A740
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strncmp$__acrt_iob_func$av_dict_freeav_strerrorfprintfprintf$av_dict_getos_event_init$__stdio_common_vfprintf_errnoav_dict_countav_dict_parse_stringav_mallocavformat_write_headeravio_alloc_contextavio_openbreallocmemmovepthread_createpthread_mutex_initstrerror
                                                                                    • String ID: %s=%s$Couldn't open '%s', %s$Error opening '%s': %s$Failed to parse muxer settings: %s%s$Using muxer settings:
                                                                                    • API String ID: 2783795328-2826353358
                                                                                    • Opcode ID: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
                                                                                    • Instruction ID: aba0e0e9f4052f1f10ee3980999fe8beaefc2fe253cc0fbdfd75a9ac65eb974e
                                                                                    • Opcode Fuzzy Hash: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
                                                                                    • Instruction Fuzzy Hash: 33A1A621F24B9295EF18DBA1DA503F86360FB68784F485136FA4DA7645EFBCE1D48340
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
                                                                                    • String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
                                                                                    • API String ID: 4192084208-164389310
                                                                                    • Opcode ID: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
                                                                                    • Instruction ID: 217d04ba00869e42dd7c0dd86ac8bff33c8b5a33c8400dc0ad2f1577e9f7d297
                                                                                    • Opcode Fuzzy Hash: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
                                                                                    • Instruction Fuzzy Hash: 4FE1F422B28A9286EF24CFA1D9403BD67A1FB69B84F094139EE4DA7754DF7CD585C300
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$strcmp$strchrstrtol
                                                                                    • String ID: channels$%d channels (%[^)]$ambisonic $mono
                                                                                    • API String ID: 6235670-221731140
                                                                                    • Opcode ID: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
                                                                                    • Instruction ID: edf661514844e0f1d4ec2025ec7cab96e3e7e127f7639e5d0c025a6af10da5f3
                                                                                    • Opcode Fuzzy Hash: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
                                                                                    • Instruction Fuzzy Hash: 13427173A0A6C3A6EB608F15E44037E67A1FB80BC4F54A131DA9D47B99DE7CE441EB40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _close_read$clock
                                                                                    • String ID: /dev/random$/dev/urandom$Assertion %s failed at %s:%d$Microsoft Primitive Provider$N$RNG$sizeof(tmp) >= av_sha_size$src/libavutil/random_seed.c
                                                                                    • API String ID: 3077350862-4220122895
                                                                                    • Opcode ID: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
                                                                                    • Instruction ID: 66506005b97db970dcd364378813ac9bb35b25c904c7f50deba4176dc2aaa889
                                                                                    • Opcode Fuzzy Hash: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
                                                                                    • Instruction Fuzzy Hash: 76713872B0A64665FB189F34E4512BD3691FF84BC0F405236EA0E97A99EEBCF404D700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: %H%M%S$%H:%M$%H:%M:%S$%J:%M:%S$%M:%S$%Y - %m - %d$%Y%m%d$+$AliceBlue$now
                                                                                    • API String ID: 2918714741-785088730
                                                                                    • Opcode ID: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
                                                                                    • Instruction ID: c6da002aa06a91edb96e9d9e12781ba221d723ca3d3fe74ddc782a87a9cb59c0
                                                                                    • Opcode Fuzzy Hash: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
                                                                                    • Instruction Fuzzy Hash: E5023972B1E29656FB348F25E44073EAB91EB407C4F548231DA5D07BE8DE3DE506AB00
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0$av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0$src/libavutil/crc.c
                                                                                    • API String ID: 4206212132-2611614167
                                                                                    • Opcode ID: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
                                                                                    • Instruction ID: 1f7b16c087b95d5b935ac5ac19ed859044df8f08543d8bfdd11f836615296200
                                                                                    • Opcode Fuzzy Hash: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
                                                                                    • Instruction Fuzzy Hash: FDA10573F1AA8653E700AF64D8823ED3690EB98788F888235D61DC7695DE3CE159E710
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID: DXGIGetDebugInterface$Failed to create Direct3D device (%lx)$Failed to load D3D11 library or its functions$Using device %04x:%04x (%ls).$d3d11_1sdklayers.dll$debug$dxgidebug.dll
                                                                                    • API String ID: 1029625771-4247103231
                                                                                    • Opcode ID: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
                                                                                    • Instruction ID: fefaffd522aadb5ef96e0532315ed4569dcdfe421a7d7d64a00367f6d265b617
                                                                                    • Opcode Fuzzy Hash: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
                                                                                    • Instruction Fuzzy Hash: DD715936B1AA46A2EB10DF26E45076E6360FB84BC8F445232EE5D477A8DF3DE405E740
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %d%*1[:/]%d%c$-$The "%s" option is deprecated: %s$Unable to parse option value "%s"$all$const_values array too small for %s$default$max$min$none
                                                                                    • API String ID: 0-679463259
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Last message repeated %d times$ Last message repeated %d times$%s%s%s%s$8$?$[%s @ %p] $[%s]
                                                                                    • API String ID: 0-179686365
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpy$abort
                                                                                    • String ID: Assertion %s failed at %s:%d$ret >= 0$src/libavutil/imgutils.c
                                                                                    • API String ID: 3629556515-2504023021
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 313767242-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 313767242-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: ?$Assertion %s failed at %s:%d$[$cnt >= 0$src/libavutil/lzo.c
                                                                                    • API String ID: 4206212132-2884727783
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$ambisonic %d$channel_layout->order == AV_CHANNEL_ORDER_CUSTOM$src/libavutil/channel_layout.c
                                                                                    • API String ID: 4206212132-610793534
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: (state[4] & 3) == 3$Assertion %s failed at %s:%d$n$src/libavutil/utils.c
                                                                                    • API String ID: 4206212132-3394967418
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %d channels$%d channels ($@%s$AMBI%d$NONE$USR%d
                                                                                    • API String ID: 0-1306170362
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: pow
                                                                                    • API String ID: 0-2276729525
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: '$Assertion %s failed at %s:%d$src/libavutil/tx.c
                                                                                    • API String ID: 4206212132-3565471776
                                                                                    Similarity
                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                    • String ID: detected %d logical cores$overriding to %d logical cores
                                                                                    • API String ID: 1231390398-3421371979
                                                                                    Similarity
                                                                                    • API ID: memcpy
                                                                                    • String ID:
                                                                                    • API String ID: 3510742995-0
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: __powi
                                                                                    • API String ID: 2918714741-2331859415
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Similarity
                                                                                    • API ID: _errnomemcmpstrlenstrtol
                                                                                    • String ID:
                                                                                    • API String ID: 1078869015-0
                                                                                    Similarity
                                                                                    • API ID: Time$FileInformationSystemZone
                                                                                    • String ID:
                                                                                    • API String ID: 2921752741-0
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %i:
                                                                                    • API String ID: 0-3112360579
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID: 0-399585960
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0123456789abcdef
                                                                                    • API String ID: 0-1757737011
                                                                                    • Opcode ID: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
                                                                                    • Instruction ID: 3d499239d5603da63e6844bb4fb43047674f78cc5a196cd14946289c185271ee
                                                                                    • Opcode Fuzzy Hash: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
                                                                                    • Instruction Fuzzy Hash: 4B61C8977292F19ED72247A9A810F9CBE52D266B45F1D4289D7C10BF93C212C0B2FB21
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %d channels
                                                                                    • API String ID: 0-1351059727
                                                                                    • Opcode ID: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
                                                                                    • Instruction ID: d2b5f4f488aa03342cf55f2f6e78516c5c21b42bcf4b1c3ba16071e33f709a20
                                                                                    • Opcode Fuzzy Hash: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
                                                                                    • Instruction Fuzzy Hash: AE4119A3F0B88A22EB558E05BC0167D4242EBA5BF5F8CE132DD1947B48ED3C9986D301
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %02u:%02u:%02u%c%02u
                                                                                    • API String ID: 0-3773705257
                                                                                    • Opcode ID: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
                                                                                    • Instruction ID: 43b7e5b870580dd3b36abc754322a478944ce047edb5a7445887451c153d63c9
                                                                                    • Opcode Fuzzy Hash: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
                                                                                    • Instruction Fuzzy Hash: 55316EB3F2A9556AEB65CE159C4076E2242F7447C9F888330ED1A4BB4CEA3CF948D340
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 9%lld
                                                                                    • API String ID: 0-1067827528
                                                                                    • Opcode ID: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
                                                                                    • Instruction ID: ed96ed3921cbda4188cc32473884c75439e44e96ea112891c65d691fe2142cff
                                                                                    • Opcode Fuzzy Hash: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
                                                                                    • Instruction Fuzzy Hash: 2231D4A373594053E697DE66A8552ED2752F3497CAF84B031FE0B8B348E67DDD05E100
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 9%lld
                                                                                    • API String ID: 0-1067827528
                                                                                    • Opcode ID: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
                                                                                    • Instruction ID: 50f0eff986847ad27e8d360f7cd13e8e47102f6ac8c5b1d469446281d8f2f410
                                                                                    • Opcode Fuzzy Hash: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
                                                                                    • Instruction Fuzzy Hash: 8631E66373199153E682DEA6A4516EC2751F38D7CAFC46132FE0AC7308EA78CD09E200
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %02u:%02u:%02u%c%02u
                                                                                    • API String ID: 0-3773705257
                                                                                    • Opcode ID: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
                                                                                    • Instruction ID: ea7c74c2232787e23e19fc237259ec047e82f5b8fbc523ec50b299910801517e
                                                                                    • Opcode Fuzzy Hash: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
                                                                                    • Instruction Fuzzy Hash: FE116A7353844446DB49DF1A88106AD7290F390BC4BC84235E95BCF748DE3CE709D704
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: front left
                                                                                    • API String ID: 0-959785498
                                                                                    • Opcode ID: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
                                                                                    • Instruction ID: 9910e460b2a431a6c2066b8bf6dc9aae8d5fb8bd48568e3af4fc900220aeec04
                                                                                    • Opcode Fuzzy Hash: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
                                                                                    • Instruction Fuzzy Hash: 7511CAD7F3659A43EF604A6DCC0275802C2D3A57B074CE231E859C6B49FC3DE6529642
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memset
                                                                                    • String ID:
                                                                                    • API String ID: 2221118986-0
                                                                                    • Opcode ID: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
                                                                                    • Instruction ID: a054c8d83336187ec6ba6e55cb659c39e13b16403d55bc8a806fd3f1567b037e
                                                                                    • Opcode Fuzzy Hash: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
                                                                                    • Instruction Fuzzy Hash: 5411B2A2751B4C53AD08C7AAA8B68B9925AA3ADFD4718F032CE0D4B354DD3CE092C340
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
                                                                                    • Instruction ID: 1bda1fb4674d5b31257bf7ffee1b08a0ed086879fa134946f1178f46d8c42b44
                                                                                    • Opcode Fuzzy Hash: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
                                                                                    • Instruction Fuzzy Hash: 6572EAB7B251204BE354CF2AE844E46BB92F7D8748B56A114EE56E7F04D23DEA06CF40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
                                                                                    • Instruction ID: 964c822f9f187339aa42b2d0479b64a4cd5d221fa53f8ffe4ad9e35da9718a6b
                                                                                    • Opcode Fuzzy Hash: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
                                                                                    • Instruction Fuzzy Hash: A0720977B282244B9318CF26E809D4AB796F7D4704B469128EF16D7F08E67DEA058F84
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
                                                                                    • Instruction ID: d79924a71646e02d241fe9ddc312112257f7b1a94f2eaec089d8029a109d3be2
                                                                                    • Opcode Fuzzy Hash: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
                                                                                    • Instruction Fuzzy Hash: 36918C91B3E1A2A3F7798E4D840173EA595FF10BC0F40A235ED5E67B88DA2EE550D700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
                                                                                    • Instruction ID: 5ecff00a341bd34dbe8412c3541c4df4444f7e048cbc0b7a87d7250357c9fd73
                                                                                    • Opcode Fuzzy Hash: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
                                                                                    • Instruction Fuzzy Hash: 45A130720198148BE34BCF5E948021EB3E1FB48A9FB616710EF4F87661D636AE63D750
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
                                                                                    • Instruction ID: 2f7d40e72870da43b8136103e1533accb0bd59183e78ea78eefd1213d7a6048a
                                                                                    • Opcode Fuzzy Hash: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
                                                                                    • Instruction Fuzzy Hash: 9A91C3231092E0AED306CF3A96449AE7FE0F71E788B99D151DB954BB47C338E612D750
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
                                                                                    • Instruction ID: b00eafbf808867b5ca5a722ba1467998c39353de8e02f81ccbdd3e16573ec5cc
                                                                                    • Opcode Fuzzy Hash: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
                                                                                    • Instruction Fuzzy Hash: 0C618DA27064A457EE98DF368D612AE1395BB4CBC1F81F832DD4D87389DE38D842C741
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
                                                                                    • Instruction ID: e4da04b6f1c1405c8b720a9a249309b78209aca115888c2a93f4cb60b34286b1
                                                                                    • Opcode Fuzzy Hash: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
                                                                                    • Instruction Fuzzy Hash: F9510A22B1F7E555EA348E2A7900BAEA6C9FB58FC4F4991359D0D5BF84EA3CE4425300
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
                                                                                    • Instruction ID: ef270208bf083759fe775fe54e4ad04e35967ca5cd3e5631789d421dab90c000
                                                                                    • Opcode Fuzzy Hash: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
                                                                                    • Instruction Fuzzy Hash: 50419766F0654213FF19ED7AEC5502E5286BBC87D47046239EE2F8BB8DED78E481D240
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
                                                                                    • Instruction ID: ba873a4754f721b7da333c582952175187784af25b3fbc66f965cf64dbf0328d
                                                                                    • Opcode Fuzzy Hash: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
                                                                                    • Instruction Fuzzy Hash: 64511533B0A6C06AD71A8F31A9046ADBFE0F719788B488139DF9D43B49C63CE551D710
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
                                                                                    • Instruction ID: c997f7ff852280191f447f3a4eae77f41268ff200e7d3e8103b652bf3f3ddd39
                                                                                    • Opcode Fuzzy Hash: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
                                                                                    • Instruction Fuzzy Hash: 82412473F1B48657F7684D29D881B3D1680EB64BECB08A235ED2AC77C8D82CE9819351
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
                                                                                    • Instruction ID: f47a9af7519f3c5146d2280ee710eef5902eb86a8e0100cbf84bb395b0200cdb
                                                                                    • Opcode Fuzzy Hash: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
                                                                                    • Instruction Fuzzy Hash: F9414602F1A2E10BC7924EFF4DD922DADD2158E44638CC77AA7D4C52DFD86CE20E6614
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
                                                                                    • Instruction ID: 46e00b9eafc158b1b63296de119c750ea843388c567c891be879d6552ee5718b
                                                                                    • Opcode Fuzzy Hash: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
                                                                                    • Instruction Fuzzy Hash: 7241A4E3F3A84603DB6D8629CC057285183A7E57B175CE235D92ED6FCCE83CDA159502
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
                                                                                    • Instruction ID: 0a24dedc9a0a57ffe617537608a8400275a41b98e14bb4ea312f375e18c72059
                                                                                    • Opcode Fuzzy Hash: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
                                                                                    • Instruction Fuzzy Hash: 8741A2522380F00AC76E1F3D293AA39BE92725664774EE36EFE8342AC7D41D8910A714
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
                                                                                    • Instruction ID: 1b465f0f8aef780524d189f0c20a77e8d58fa526eba53b4613253a1a1bf12749
                                                                                    • Opcode Fuzzy Hash: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
                                                                                    • Instruction Fuzzy Hash: FB318A93F622AB13FF198F596C01BB89441AF447D8F44A235ED2E5BBC9E43DD946E200
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
                                                                                    • Instruction ID: 91e1f7b7f43fa15b6faa4d3e4638223654d2558f253c804f0ea386f19a15174c
                                                                                    • Opcode Fuzzy Hash: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
                                                                                    • Instruction Fuzzy Hash: 1B31A0E7B364B943EB7C0639C855F280181D7657B4B8CE139DD1AC2F80E81EE6418F52
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
                                                                                    • Instruction ID: de43a97df98475cc3a909f1b5038e294f9a74bc440bfd1b00bf7be7a697fbe09
                                                                                    • Opcode Fuzzy Hash: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
                                                                                    • Instruction Fuzzy Hash: 96515E33509AE18AD792DB64D448BED3BA8F71D388FA64471CBAD83702DBB5D990D700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
                                                                                    • Instruction ID: a5f7834a4676d7b53773c2cb6bf43bca7a35c965d06e00c94bd2c027d15d5167
                                                                                    • Opcode Fuzzy Hash: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
                                                                                    • Instruction Fuzzy Hash: 58519E73109AE186E792DB64D448BEE3BA4F719384FA68571CBEC83702DBB5C890C700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
                                                                                    • Instruction ID: 9492821b6de2a70161d2300d422c6ae39868de26929bedbb96f0026dc36eff24
                                                                                    • Opcode Fuzzy Hash: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
                                                                                    • Instruction Fuzzy Hash: 2C41B4A673C0F263F3354B18E002E2EF7A1EB52FC5B546310DBA422E58D66AD558EF10
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
                                                                                    • Instruction ID: 0af5007090373f5916cb96a79c9dd56dd7f7daea4f31fd02fd82f195c5f6ff10
                                                                                    • Opcode Fuzzy Hash: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
                                                                                    • Instruction Fuzzy Hash: 88417E731046648BD301CF2AE981A9AB7E2F398B4CFA5D225DF4257356D739A907CB80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
                                                                                    • Instruction ID: 4a4d85f755a89dd5500a4242924a5abcd7abb3e05055d26e331ea4249f7cc796
                                                                                    • Opcode Fuzzy Hash: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
                                                                                    • Instruction Fuzzy Hash: D0217FE7F3186A03EB78423DEC16F1404C251B977434CE135E916C6F85F42EEA424A83
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
                                                                                    • Instruction ID: 7eed5754b1834e89ad7b281dee9995115732208a055216060500222a49c2bc36
                                                                                    • Opcode Fuzzy Hash: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
                                                                                    • Instruction Fuzzy Hash: 1121299B7315F903FB010ABE6D056759982A188BF73499732ECA8E77CDC478DC519290
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
                                                                                    • Instruction ID: 7a5d0e89ee220409aea0cd3b8462f96d225d0e593cd00c887ba69c6791ff7a16
                                                                                    • Opcode Fuzzy Hash: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
                                                                                    • Instruction Fuzzy Hash: 7F213E9FF656BA03FB1846AF6C412786280E648BF63489732DDDDE77CAD47C890291D0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
                                                                                    • Instruction ID: cf7048e9f5a91fb3f0db852140eadc0e1a8b1777aaa0120cfe479e01e0342cce
                                                                                    • Opcode Fuzzy Hash: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
                                                                                    • Instruction Fuzzy Hash: 152197FBF3A0E653DB754B6DD500F282941A361BF4698F134C91E83E84E916D641EF02
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
                                                                                    • Instruction ID: 82092c33702a046718b8fdbeb0818a1abccd445aafa638c22f056e74509d14ac
                                                                                    • Opcode Fuzzy Hash: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
                                                                                    • Instruction Fuzzy Hash: 1F216673B708EA07D7508779E846F946A90E3A1B4CF98E631E725D3E80D13EE092C740
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
                                                                                    • Instruction ID: bf58ea62bdeea5a3c1e28ef6ad64e244a25949ec396abc3ecb626000a4bf6a79
                                                                                    • Opcode Fuzzy Hash: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
                                                                                    • Instruction Fuzzy Hash: E51160B3B324B20BD7489AB8CC063A932C3D3C8746F9CC534E755CAA89D53CE2519604
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
                                                                                    • Instruction ID: fcb4ffdad874078331f276a2f255bd002654dc4e6c2deed0333fc39fee4ab596
                                                                                    • Opcode Fuzzy Hash: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
                                                                                    • Instruction Fuzzy Hash: 46115EF7F360AA03EB7C055AE822F7809419375BA898CF13DDE1B12F81E81E56405B42
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
                                                                                    • Instruction ID: 08dd8caaf8fade23febe0e2ba36b9dc3dab9647f4b81b1857dc8b1110168b319
                                                                                    • Opcode Fuzzy Hash: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
                                                                                    • Instruction Fuzzy Hash: 5911A5D7F379AA03EB60493DCC427180182D7A57B178CE632EC19CAF49E83DE6519A42
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
                                                                                    • Instruction ID: 9ba0978b847245e524e66be69e8f98e32f980fdc44fdb1f9c7caa73938d69153
                                                                                    • Opcode Fuzzy Hash: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
                                                                                    • Instruction Fuzzy Hash: D4112972A070D15BEA95CF29D498ABC33D1E784388FC59236DB158768CD73CE941E760
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
                                                                                    • Instruction ID: e0c60cfb44f26627243deb9d7f859b8837e238aaeb6784e604fd187a9cf79d19
                                                                                    • Opcode Fuzzy Hash: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
                                                                                    • Instruction Fuzzy Hash: ED017CE3F328A903DB64867DCC0670400C396F877178CE131B914C6F89F83EE6418A42
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
                                                                                    • Instruction ID: 14bd2cacf1174b1c4f3da44626b05ac20a3ec18444f4115fae820648a13c1207
                                                                                    • Opcode Fuzzy Hash: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
                                                                                    • Instruction Fuzzy Hash: 43F0B7D7F3685A03EB5C456DDC1631401C391E823238DD13ABA47C6B8AF839EA968643
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
                                                                                    • Instruction ID: a6d6364920ed2d541e5cd8914c60f6f20c110aefc493042eb7db3851c6d05d0c
                                                                                    • Opcode Fuzzy Hash: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
                                                                                    • Instruction Fuzzy Hash: 92F0AFD9231BB64BE911A69990D07D69721F30DBC6B70A622DE4D27335CA17A10BCA00
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF65EE12570: printf.MSPDB140-MSVCRT ref: 00007FF65EE12587
                                                                                      • Part of subcall function 00007FF65EE12530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF65EE12617,?,?,?,00007FF65EE11BD6,?,?,?,00007FF65EE11A02), ref: 00007FF65EE12552
                                                                                    • puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF65EE11BD6,?,?,?,00007FF65EE11A02), ref: 00007FF65EE128DF
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: atoiprintfputs
                                                                                    • String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
                                                                                    • API String ID: 3402752964-4246942696
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocos_event_signalos_event_waitpthread_mutex_lock
                                                                                    • String ID: Error allocating memory for output$Error writing to '%s', %s
                                                                                    • API String ID: 2637689336-4070097938
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: dbl$dblp$flt$fltp$s16$s16p$s32$s32p$s64$s64p$u8p
                                                                                    • API String ID: 1004003707-1774405992
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno$ByteCharFullMultiNamePathWidewcscatwcscpywcslen$_sopen_wsopen
                                                                                    • String ID: \\?\$\\?\UNC\
                                                                                    • API String ID: 2611099503-3019864461
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strtol
                                                                                    • String ID: -> %s: %s$%s failed$Calling %s$Could not dynamically load CUDA$Disabling use of CUDA primary device context$Primary context already active with incompatible flags.$Using CUDA primary device context$cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device)$cu->cuCtxPopCurrent(&dummy)$cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx)$cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active)$cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device)$cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags)$cu->cuInit(0)$primary_ctx
                                                                                    • API String ID: 76114499-3193254869
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strchr
                                                                                    • String ID: $&amp;$&apos;$&gt;$&lt;$&quot;$'\''
                                                                                    • API String ID: 2830005266-2908976646
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharFileFullMultiNamePathWide_close_errno$CloseCreateHandleMappingView_fstat64_get_osfhandle_sopen_wsopenwcslen
                                                                                    • String ID: Cannot read file '%s': %s$Error occurred in CreateFileMapping()$Error occurred in MapViewOfFile()$Error occurred in fstat(): %s
                                                                                    • API String ID: 741575255-3109280323
                                                                                    APIs
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF65EE11A6D
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1204A
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12065
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12080
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1209B
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE120B6
                                                                                    • avformat_network_init.AVFORMAT-60 ref: 00007FF65EE11A85
                                                                                    • av_guess_format.AVFORMAT-60 ref: 00007FF65EE11AAF
                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF65EE11ABC
                                                                                    • fprintf.MSPDB140-MSVCRT ref: 00007FF65EE11AD0
                                                                                    • avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF65EE11AEC
                                                                                    • av_strerror.AVUTIL-58 ref: 00007FF65EE11B19
                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF65EE11B23
                                                                                    • fprintf.MSPDB140-MSVCRT ref: 00007FF65EE11B38
                                                                                      • Part of subcall function 00007FF65EE12910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF65EE11B4C), ref: 00007FF65EE12939
                                                                                      • Part of subcall function 00007FF65EE12370: avcodec_free_context.AVCODEC-60 ref: 00007FF65EE12388
                                                                                      • Part of subcall function 00007FF65EE12370: av_free.AVUTIL-58 ref: 00007FF65EE123B1
                                                                                      • Part of subcall function 00007FF65EE12370: avio_context_free.AVFORMAT-60 ref: 00007FF65EE123BD
                                                                                      • Part of subcall function 00007FF65EE12370: avformat_free_context.AVFORMAT-60 ref: 00007FF65EE123CC
                                                                                      • Part of subcall function 00007FF65EE12370: avcodec_free_context.AVCODEC-60 ref: 00007FF65EE12402
                                                                                      • Part of subcall function 00007FF65EE12370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65EE12415
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
                                                                                    • String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
                                                                                    • API String ID: 3777911973-2524251934
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strlen$strchrstrtoul
                                                                                    • String ID: 0123456789ABCDEFabcdef$Cannot find color '%s'$Invalid 0xRRGGBB[AA] color string: '%s'$Invalid alpha value specifier '%s' in '%s'$bikeshed$random
                                                                                    • API String ID: 643661298-1323625105
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_funcav_content_light_metadata_allocav_mastering_display_metadata_allocav_memdupav_stream_add_side_dataavcodec_alloc_context3avcodec_descriptor_get_by_name
                                                                                    • String ID: 2$Couldn't find codec '%s'$E
                                                                                    • API String ID: 3726879996-2734579634
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$avcodec_descriptor_get_by_nameavcodec_find_encoder
                                                                                    • String ID: Couldn't find codec '%s'$Couldn't find codec descriptor '%s'$title
                                                                                    • API String ID: 3715327632-3279048111
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: bfreefreeos_event_destroy$av_packet_freeav_write_traileros_event_signalpthread_joinpthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock
                                                                                    • String ID:
                                                                                    • API String ID: 3736584056-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcmpstrlen
                                                                                    • String ID: mono
                                                                                    • API String ID: 3108337309-2381334079
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$strlen$memcpy$_aligned_realloc
                                                                                    • String ID: %lld
                                                                                    • API String ID: 3853940031-1962030014
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateEventSleep
                                                                                    • String ID:
                                                                                    • API String ID: 3100162736-0
                                                                                    • Opcode ID: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
                                                                                    • Instruction ID: d182754fb074bd4c67aad5ac4d4a8f74bccfb73cb6d8a61f0189cb052f3683b7
                                                                                    • Opcode Fuzzy Hash: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
                                                                                    • Instruction Fuzzy Hash: 5751AF32A4A64296E7618F20E858BAF32A5FB44BF4F054335DE29473D4DF3C9896E300
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: -
                                                                                    • API String ID: 2918714741-2547889144
                                                                                    • Opcode ID: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
                                                                                    • Instruction ID: 340172ab97ae67e58869a8b5999b09af2a33c052079651ce175c4dbb520f07df
                                                                                    • Opcode Fuzzy Hash: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
                                                                                    • Instruction Fuzzy Hash: 4B51E132E0F25761FA254F2554503BD2A81EF01BEAF494730CD7F8A2C9DEACE841A300
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: -$ambisonic
                                                                                    • API String ID: 2918714741-2876420257
                                                                                    • Opcode ID: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
                                                                                    • Instruction ID: f59e22ed3c1ffa79065d6ae8fe9a45a1902a764eb74646fd236c05dcfa7924e4
                                                                                    • Opcode Fuzzy Hash: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
                                                                                    • Instruction Fuzzy Hash: 18411362E0F15221FB644F2548583BD26C5EF017E6F594B32DD3F8A2C8EDACE441A710
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$strlenstrspn
                                                                                    • String ID: Key '%s' not found.$Missing key or no key/value separator found after key '%s'$Setting entry with key '%s' to value '%s'
                                                                                    • API String ID: 1832283230-2858522012
                                                                                    • Opcode ID: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
                                                                                    • Instruction ID: 4e672a5b0b9d495f11e1f4fd91cc4adddafa3e739dabd51b7c804f2560a91c3b
                                                                                    • Opcode Fuzzy Hash: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
                                                                                    • Instruction Fuzzy Hash: AB41F551A0E68275FA61AE12A8017BE5750FF85BD8F944A35EDAE0779ACD3CE044E340
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: %-15s $ %s%-17s $ %s$ (default $ (from $ I$ to $%-12s $%c%c%c%c%c%c%c%c%c%c%c
                                                                                    • API String ID: 1004003707-1704579004
                                                                                    • Opcode ID: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
                                                                                    • Instruction ID: 984d3b79a39030cb51e96d3963431e7e4d33f2e13e7812c7a156606ff396f899
                                                                                    • Opcode Fuzzy Hash: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
                                                                                    • Instruction Fuzzy Hash: 9BC1F473B0AA42AAEB149F25E4407BE2761FB80BD5F548235DA1E47B98EF3CE440D740
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$strlenstrspn
                                                                                    • String ID:
                                                                                    • API String ID: 1832283230-0
                                                                                    • Opcode ID: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
                                                                                    • Instruction ID: 1a433cc82f495f7f622b28a35f8fb0b491ce0da5812c94409b7a5673d56a4025
                                                                                    • Opcode Fuzzy Hash: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
                                                                                    • Instruction Fuzzy Hash: 24A15F62A0BB82A2EA10DF11E45037EA795EF84BD0F445635EA9D4B79DDE3CE440E740
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    • Opcode ID: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
                                                                                    • Instruction ID: d00c84c32248b9732b696238a022dd9d7e7a8b5844c0309bdfd93128df80da44
                                                                                    • Opcode Fuzzy Hash: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
                                                                                    • Instruction Fuzzy Hash: B641C922B2670662EA51AF15C545F7F2799EF84BD4F054A36ED2D07389DE78E840E380
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Value
                                                                                    • String ID:
                                                                                    • API String ID: 3702945584-0
                                                                                    • Opcode ID: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
                                                                                    • Instruction ID: 9cc005283bfc8dac00ae3c4e17252225c5d9a2916f728bbca48e8f86705ca59b
                                                                                    • Opcode Fuzzy Hash: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
                                                                                    • Instruction Fuzzy Hash: 34316672A0AA42AAEB509F31E80476E36A0FB44BE9F041239DD0D073E4DF3CE955D710
                                                                                    APIs
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1204A
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12065
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12080
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1209B
                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE120B6
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strncmp
                                                                                    • String ID: http$rist$srt$tcp$udp
                                                                                    • API String ID: 1114863663-504309389
                                                                                    • Opcode ID: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
                                                                                    • Instruction ID: 0033f9eacd7e10fb62ef411f774c2438286117cf6cbde9c731e681f5648671ea
                                                                                    • Opcode Fuzzy Hash: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
                                                                                    • Instruction Fuzzy Hash: 02013091B2452380FF654FD2DA402241360AF6DB95F886139D94EE7254DFADE6DEC320
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpy
                                                                                    • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
                                                                                    • API String ID: 3510742995-882259572
                                                                                    • Opcode ID: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
                                                                                    • Instruction ID: af89ffcdcc9e038fc7612dc5ff7853e9c0a6fd74cc1e2315fc1610efe7cf7cf3
                                                                                    • Opcode Fuzzy Hash: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
                                                                                    • Instruction Fuzzy Hash: 52A1AF73A0A79596EA148F15A94026EB7A1FB84BD0F084235EF9D17B98DF3CF441E700
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpy$abort
                                                                                    • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
                                                                                    • API String ID: 3629556515-882259572
                                                                                    • Opcode ID: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
                                                                                    • Instruction ID: 45d3cca364380d271d7dce8030d138b35f9462454047371bd2b07851000f89cc
                                                                                    • Opcode Fuzzy Hash: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
                                                                                    • Instruction Fuzzy Hash: 58A1A632A0AB8596DB648F15E54036EB7A0FB85BD0F184239DE9D43B98EF3DE441DB00
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$strspn$memcpystrchr
                                                                                    • String ID: No option name near '%s'$Option '%s' not found$Setting '%s' to value '%s'$Unable to parse '%s': %s
                                                                                    • API String ID: 2931229598-2003673103
                                                                                    • Opcode ID: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
                                                                                    • Instruction ID: 14b382954762daabbacde6a1924630e7f82413e7f123ce251b7747057d915003
                                                                                    • Opcode Fuzzy Hash: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
                                                                                    • Instruction Fuzzy Hash: 9E519132609B86A1E7609F11E8507AEA7A0FB847D8F404236EEDD4BB98DF7CD444E740
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: !"valid element size"$. -_$Assertion %s failed at %s:%d$D$[%d]$src/libavutil/utils.c
                                                                                    • API String ID: 4206212132-1952739643
                                                                                    • Opcode ID: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
                                                                                    • Instruction ID: 64d30f9d6154166f906c69a06bd953ab97c7668096aaf31b9f15f27f632e3873
                                                                                    • Opcode Fuzzy Hash: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
                                                                                    • Instruction Fuzzy Hash: C351F6B6E0B65A65EA209F51A500A7D3F90FB55FC4F494334CE1E43789EE3CB495D200
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2301134546.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                     • Associated: 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
                                                                                     • Associated: 00000007.00000002.2301404788.00007FF8BFAB9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                     • Associated: 00000007.00000002.2301429850.00007FF8BFABC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                    • String ID:
                                                                                    • API String ID: 349153199-0
                                                                                    • Opcode ID: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
                                                                                    • Instruction ID: 21e9dfce17f3cdeba8a57b3991693f031a222c3ea2927797eb642a60758b971a
                                                                                    • Opcode Fuzzy Hash: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
                                                                                    • Instruction Fuzzy Hash: 12816E21E0CE4385FA5CABED98532B96790AF89BC8F086175DB0D43397DE3DE8458700
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    • Opcode ID: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
                                                                                    • Instruction ID: 1f5faf374961e819af09377e2c558d5affebd544e8c429ac47bcc02d523082d5
                                                                                    • Opcode Fuzzy Hash: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
                                                                                    • Instruction Fuzzy Hash: CA819032A0B682A2EB109F12E55077E6790FF84BD0F445A35EEAD4B789DE3CE450E740
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    • Opcode ID: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
                                                                                    • Instruction ID: d8b7c3269a645da5fba282cb723567235bbb5fb562665614cc2d4c19a3bacc82
                                                                                    • Opcode Fuzzy Hash: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
                                                                                    • Instruction Fuzzy Hash: 72618F26A0BA8263EA249E16E45077E6790FF48BD8F045731DEAD4F7C9DE2CE441A340
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: %-15s $%lld$I64_MAX$I64_MIN$INT_MAX$INT_MIN$UINT32_MAX
                                                                                    • API String ID: 1004003707-1419900426
                                                                                    • Opcode ID: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
                                                                                    • Instruction ID: 7388702a39707a035f802d69fa87f2f68a28c5e6e1ba51604924ae6fbdac4d1a
                                                                                    • Opcode Fuzzy Hash: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
                                                                                    • Instruction Fuzzy Hash: 67517F32A0F642AAEB64AE15A1003BE2360EF817D5F945332DA2D576D9DF3DF450E381
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                     • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                     • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                     • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpypthread_mutex_lockpthread_mutex_unlock$os_event_resetos_event_signalos_event_wait
                                                                                    • String ID:
                                                                                    • API String ID: 2918620995-0
                                                                                    • Opcode ID: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
                                                                                    • Instruction ID: 7e4f7b1ce07ace2f1bf73b1400e67cffdb593a4e35d9b73b16e08166c4576e60
                                                                                    • Opcode Fuzzy Hash: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
                                                                                    • Instruction Fuzzy Hash: 7F415232A28A9181DA14DF61E5503AD6761FBA9B98F480032FF8D57B5ACF7CD5D4C700
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF8A7E07B90: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07BB6
                                                                                      • Part of subcall function 00007FF8A7E07B90: LeaveCriticalSection.KERNEL32(?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07BDB
                                                                                    • TryEnterCriticalSection.KERNEL32 ref: 00007FF8A7E07CB0
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7D91817), ref: 00007FF8A7E07CF8
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7D91817), ref: 00007FF8A7E07D02
                                                                                    • LeaveCriticalSection.KERNEL32 ref: 00007FF8A7E07D07
                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7D91817), ref: 00007FF8A7E07D17
                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7D91817), ref: 00007FF8A7E07D1C
                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7D91817), ref: 00007FF8A7E07D23
                                                                                    • free.MSVCRT ref: 00007FF8A7E07D28
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                     • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                     • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
                                                                                    • String ID:
                                                                                    • API String ID: 3899327206-0
                                                                                    • Opcode ID: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
                                                                                    • Instruction ID: e84f6f121b03fae05c259eba654987b26a75a56a871ee608b84c8f92f1b05b05
                                                                                    • Opcode Fuzzy Hash: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
                                                                                    • Instruction Fuzzy Hash: FA314931B4A942A1EA509B62D8587AE2794FF45FE9F844631DD2E432D1CE3CD953A300
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
                                                                                    • String ID:
                                                                                    • API String ID: 1184979102-0
                                                                                    • Opcode ID: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
                                                                                    • Instruction ID: e2d96a701b445b4710fa7a6ea274e8a72518ae49e530c2ab89a68ce36d4c5f24
                                                                                    • Opcode Fuzzy Hash: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
                                                                                    • Instruction Fuzzy Hash: 30314C61E2822241FE1CABA196513B92291AF71784F4D4034F64EF73D7DEECECC58611
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: QueryVirtual
                                                                                    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                    • API String ID: 1804819252-1534286854
                                                                                    • Opcode ID: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
                                                                                    • Instruction ID: 9bac1f51b6695f4615d6078dc86f9d5a64278ad9125deb841015a0f9231e3700
                                                                                    • Opcode Fuzzy Hash: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
                                                                                    • Instruction Fuzzy Hash: B061CF72B1AB42A6EB108F25E88426D77A0FB45BD0F544235EAAD17398EE7CE541E301
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeLibraryfree
                                                                                    • String ID: -> %s: %s$%s failed$Calling %s$cu->cuCtxDestroy(hwctx->cuda_ctx)$cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device)
                                                                                    • API String ID: 155010425-3275200884
                                                                                    • Opcode ID: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
                                                                                    • Instruction ID: 1ce8b05bfe9d6d24a7069b9b705586926ced893cffb375dbc52ff0960e75ea4f
                                                                                    • Opcode Fuzzy Hash: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
                                                                                    • Instruction Fuzzy Hash: 59418235A1BA86A1EA58EF61E4107AE2351FF44BD8F444132EE6E17358CF3CE955D340
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno$_sopenrandstrlen
                                                                                    • String ID: XXXX$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                    • API String ID: 1081397658-1416102993
                                                                                    • Opcode ID: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
                                                                                    • Instruction ID: be50bab725f0da3e5d6f856525a80c8832eae713f259cfbbe1416be0adff2af4
                                                                                    • Opcode Fuzzy Hash: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
                                                                                    • Instruction Fuzzy Hash: D8318B73E0A55276E6219F249D0417C1A90EB45BE5F498331CD1E8B7C8EE7DE441A710
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strspn$memcpystrchr
                                                                                    • String ID: $ambisonic
                                                                                    • API String ID: 2918080867-3257024572
                                                                                    • Opcode ID: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
                                                                                    • Instruction ID: dc61103daa7d5e79446ff43e1327ec627b6c63ee40c44149b1c3e67231523d38
                                                                                    • Opcode Fuzzy Hash: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
                                                                                    • Instruction Fuzzy Hash: C4312C33B0A542A5EA209F6599543BD3799EF49BD4F488632ED2D47389DE3CD151E300
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free$memcpy
                                                                                    • String ID:
                                                                                    • API String ID: 2399556850-0
                                                                                    • Opcode ID: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
                                                                                    • Instruction ID: b3e6c494ce3b22c83c44f61847f39262bba928813b5976decbf70ad0993fcb18
                                                                                    • Opcode Fuzzy Hash: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
                                                                                    • Instruction Fuzzy Hash: DE51D526B2B65596EA50CF15E444B7D67A0FB88BC4F084635FE5E07B99DF3CE441A300
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
                                                                                    • String ID:
                                                                                    • API String ID: 3786581644-0
                                                                                    • Opcode ID: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
                                                                                    • Instruction ID: dd676133da851c4689465b446b4253732cb69f83522fb2b069dfc7915067bd23
                                                                                    • Opcode Fuzzy Hash: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
                                                                                    • Instruction Fuzzy Hash: 8531E3B2B19A8692EF548F25E81017EA365FB80BC4F109136EA8E47B68DF3CD515DB00
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: %s%s$bgr32$bgra$rgb32$rgba$yuv420p
                                                                                    • API String ID: 1004003707-3566121812
                                                                                    • Opcode ID: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
                                                                                    • Instruction ID: 161a23e5d96ebff4cb45158e4fd63f16671f5c3c220fc1de65057b547d447f31
                                                                                    • Opcode Fuzzy Hash: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
                                                                                    • Instruction Fuzzy Hash: 5D316B21F0A50275FF609F1299107BD1359EF50BC4F4C023ADE2E1B298EE6DE519E380
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Assertion %s failed at %s:%d$src/libavutil/avstring.c$tail_len <= 5
                                                                                    • API String ID: 0-789252298
                                                                                    • Opcode ID: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
                                                                                    • Instruction ID: 108c4b2ddadea581bdc7c3b8706023123f4ade2defcce79a69759a8ca82b68ea
                                                                                    • Opcode Fuzzy Hash: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
                                                                                    • Instruction Fuzzy Hash: F9710673A0B6C263EA624E24652077D6591FB05FE4F44A332DE3D067C8ED7DA580E600
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Assertion %s failed at %s:%d$Failed to map frame into derived frame context: %d.$Invalid mapping found when attempting unmap.$orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx$src/libavutil/hwcontext.c
                                                                                    • API String ID: 0-1886799933
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $trace
                                                                                    • API String ID: 895318938-1090435506
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $debug
                                                                                    • API String ID: 895318938-486550452
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $fatal
                                                                                    • API String ID: 895318938-1232420508
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $verbose
                                                                                    • API String ID: 895318938-125437466
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $info
                                                                                    • API String ID: 895318938-3747654419
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $warning
                                                                                    • API String ID: 895318938-1705345410
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $panic
                                                                                    • API String ID: 895318938-4009946497
                                                                                    Similarity
                                                                                    • API ID: strcmp, strcpy, strlen
                                                                                    • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $error
                                                                                    • API String ID: 895318938-746115170
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: AMBI$R$S$U
                                                                                    • API String ID: 1004003707-1923686996
                                                                                    • Opcode ID: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
                                                                                    • Instruction ID: 79efbb31bf7f332d20b7575ebcc2005067895517ad4a688b4d04ba7cfea30355
                                                                                    • Opcode Fuzzy Hash: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
                                                                                    • Instruction Fuzzy Hash: 6321D623A0B49376FB219E24A8113BE1A50EB817E9F8C6672DF1D0A5D4FD7CD985E304
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: memcpy
                                                                                    • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
                                                                                    • API String ID: 3510742995-1436408019
                                                                                    • Opcode ID: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
                                                                                    • Instruction ID: a47199e2348b6d86435fff538469ebddeea943768d2d333964ef14854732c665
                                                                                    • Opcode Fuzzy Hash: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
                                                                                    • Instruction Fuzzy Hash: 5621F8B3F0B65565FA219F11BD002AE6256FB88BD4F484336DD5C06799FF3CE1429600
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Unable to parse option value "%s" as boolean$auto$false,n,no,disable,disabled,off$true,y,yes,enable,enabled,on
                                                                                    • API String ID: 0-3796170252
                                                                                    • Opcode ID: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
                                                                                    • Instruction ID: e42b9625c34dbea94ada86a0c4e7086ca3256c677b298a66f9b9fc3a76cc5134
                                                                                    • Opcode Fuzzy Hash: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
                                                                                    • Instruction Fuzzy Hash: 7921C626E0BA4265FB42AF20A41037E5255EF81BE8F544732DC2D272D9EF3CE596B304
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errnostrlen
                                                                                    • String ID: ./%sXXXXXX$/tmp/%sXXXXXX$ff_tempfile: Cannot allocate file name$ff_tempfile: Cannot open temporary file %s
                                                                                    • API String ID: 860928405-2152079688
                                                                                    • Opcode ID: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
                                                                                    • Instruction ID: 3b6c917e6bf1e9fa22d0732f68fcfe651c2f92f536b399e9c4d467f633e4d698
                                                                                    • Opcode Fuzzy Hash: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
                                                                                    • Instruction Fuzzy Hash: 2521C272A1AA06A1EA40EF21E4151BE7360FF84BD4F844632FE6D87395EE3CE004E740
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abortmemcpy
                                                                                    • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
                                                                                    • API String ID: 985927305-1436408019
                                                                                    • Opcode ID: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
                                                                                    • Instruction ID: 2efb7974f87711a39d8815ea6db15d92fdc7ba3de084432f2ea1e4cfd49fdf28
                                                                                    • Opcode Fuzzy Hash: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
                                                                                    • Instruction Fuzzy Hash: 09110632E1B96261EB20DF54AA01BBD6790EF897C0F880739DD5C06B96FE3CE5019700
                                                                                    APIs
                                                                                    • avcodec_free_context.AVCODEC-60 ref: 00007FF65EE12388
                                                                                    • avformat_free_context.AVFORMAT-60 ref: 00007FF65EE123CC
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1204A
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12065
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE12080
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE1209B
                                                                                      • Part of subcall function 00007FF65EE12030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF65EE123A2), ref: 00007FF65EE120B6
                                                                                    • av_free.AVUTIL-58 ref: 00007FF65EE123B1
                                                                                    • avio_context_free.AVFORMAT-60 ref: 00007FF65EE123BD
                                                                                    • avio_close.AVFORMAT-60 ref: 00007FF65EE123C4
                                                                                    • avcodec_free_context.AVCODEC-60 ref: 00007FF65EE12402
                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65EE12415
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2294598232.00007FF65EE10000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294667462.00007FF65EE15000.00000004.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294698930.00007FF65EE16000.00000002.00000001.01000000.00000006.sdmp
                                                                                    • Associated: 00000007.00000002.2294724582.00007FF65EE19000.00000002.00000001.01000000.00000006.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
                                                                                    • String ID:
                                                                                    • API String ID: 1086289117-0
                                                                                    • Opcode ID: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
                                                                                    • Instruction ID: 9ad081c867046b22534cdb320f082341168fd164275201841fd5d73dde8f3889
                                                                                    • Opcode Fuzzy Hash: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
                                                                                    • Instruction Fuzzy Hash: 00216522A24662C2EF14DFA5E95037C6360FF58F44F496536FA4D97649CF78D4929300
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseHandleValue$_endthreadexlongjmp
                                                                                    • String ID:
                                                                                    • API String ID: 3990644698-0
                                                                                    • Opcode ID: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
                                                                                    • Instruction ID: ed30dd3ba5b947758c83545e59e7f6f301ba3d16e8120251e7158837f735fda8
                                                                                    • Opcode Fuzzy Hash: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
                                                                                    • Instruction Fuzzy Hash: F5211635A0B686A6E6959F21E45877E76B4EF44F84F058135CE0A07390DF7CA865E700
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0$src/libavutil/crc.c
                                                                                    • API String ID: 4206212132-3869419772
                                                                                    • Opcode ID: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
                                                                                    • Instruction ID: 1d9802cc27f1273ed3ea2f7728db8feb88f52819cc26627da04b9be8ca4a79dc
                                                                                    • Opcode Fuzzy Hash: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
                                                                                    • Instruction Fuzzy Hash: 52115231F0B986A1E610AF60A8023FD2B54EF95784FC04275D94D467A5EE3CE115E724
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strlen
                                                                                    • String ID: %d.%06d$%d:%02d.%06d$%lld:%02d:%02d.%06d$INT64_MAX$INT64_MIN
                                                                                    • API String ID: 39653677-2240581584
                                                                                    • Opcode ID: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
                                                                                    • Instruction ID: 6f53e11399eb0b2e1da2eb2bdb6c45b737a4385a7cb719cd44b6cdee13bb8292
                                                                                    • Opcode Fuzzy Hash: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
                                                                                    • Instruction Fuzzy Hash: 1C413CD1B1A78956EE74CF2658063BD9582DB94FC0F848332DE2E677D9DE3CA104A240
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2301134546.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301404788.00007FF8BFAB9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301429850.00007FF8BFABC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno$free
                                                                                    • String ID:
                                                                                    • API String ID: 4247730083-0
                                                                                    • Opcode ID: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
                                                                                    • Instruction ID: e7c718bfb9ce83c147a48c956c4b6eca8587f008f89eb648c6f9f409e87e026f
                                                                                    • Opcode Fuzzy Hash: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
                                                                                    • Instruction Fuzzy Hash: C0518F32A18F4396E6189BA9E54227827A4BF447D8F402135DB5D436E7EF3CF865C340
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2301134546.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301404788.00007FF8BFAB9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301429850.00007FF8BFABC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Current$ProcessThread$DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 4285418203-0
                                                                                    • Opcode ID: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
                                                                                    • Instruction ID: d709f025f2ac4d43f96d36e15f91d5a73f100e416cecdf20e61ff9ad06912a9f
                                                                                    • Opcode Fuzzy Hash: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
                                                                                    • Instruction Fuzzy Hash: 7B317431908FC18AE7249F69E8422AAB7A0FF587C8F146134DF8D06B56DF3CE1958700
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2301134546.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301404788.00007FF8BFAB9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301429850.00007FF8BFABC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Process_errno$CloseCurrentErrorHandleLastOpen
                                                                                    • String ID:
                                                                                    • API String ID: 3861255796-0
                                                                                    • Opcode ID: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
                                                                                    • Instruction ID: fbc8492c3603ac9e83fa3c7c62103ddd9c7ce459552cb120432492e4dc114615
                                                                                    • Opcode Fuzzy Hash: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
                                                                                    • Instruction Fuzzy Hash: D7015621B08E4242EB595BADB4852295361EF8D7D8F456134DB2E477D6DE3CD8814704
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strftimestrlen
                                                                                    • String ID: [truncated strftime output]
                                                                                    • API String ID: 1668665056-4273287863
                                                                                    • Opcode ID: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
                                                                                    • Instruction ID: ec7de0985c6a4413ebd63dabf10c370d41e9e266086a987bb66b0f155e1fb0f3
                                                                                    • Opcode Fuzzy Hash: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
                                                                                    • Instruction Fuzzy Hash: 3B71E572B076915BE714CE29D88863D2391EB48BD0F559335DE2A933C8EE3CE846E300
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_freememset
                                                                                    • String ID: Formats with a palette require a minimum alignment of 4$Picture size %ux%u is invalid
                                                                                    • API String ID: 4139559148-2772728507
                                                                                    • Opcode ID: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
                                                                                    • Instruction ID: 528525bea8ae624c461ececfb49116aad403ae2863a2c133c6cc74a6afe9dcad
                                                                                    • Opcode Fuzzy Hash: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
                                                                                    • Instruction Fuzzy Hash: 1F61F162B0A68266EB048F25990476E6792FFC5BD4F44C339DE6E477DCEE3EE4009600
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateEventSleepabort
                                                                                    • String ID: Assertion %s failed at %s:%d$j$nb_threads >= 0$src/libavutil/slicethread.c
                                                                                    • API String ID: 723382662-4085466978
                                                                                    • Opcode ID: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
                                                                                    • Instruction ID: 1ec22777cf21c1df4feed4e9950d12c1306baeed50cfd37d5eb2a55b69895abc
                                                                                    • Opcode Fuzzy Hash: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
                                                                                    • Instruction Fuzzy Hash: C271C432A0AB82A6E7249F21D5403AE73A1FB847C4F044635DEAD47B89DF3DE461E741
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: exp
                                                                                    • API String ID: 2918714741-113136155
                                                                                    • Opcode ID: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
                                                                                    • Instruction ID: ccaa7b1ca54aadb265f231e1d907beb287337f8c920e7d01754e56f5d6d7f8b2
                                                                                    • Opcode Fuzzy Hash: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
                                                                                    • Instruction Fuzzy Hash: E7512952D0DA85A2E7025F34E81227F6320FF96788F50D331E6CD3459AFF6DE5A1AA40
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Assertion %s failed at %s:%d$pool->alloc || pool->alloc2$src/libavutil/buffer.c
                                                                                    • API String ID: 0-4265094632
                                                                                    • Opcode ID: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
                                                                                    • Instruction ID: c85d901b86aee4176789ca014b7cd1d34ec1f77805c900a7b1d6b0ac59d2d586
                                                                                    • Opcode Fuzzy Hash: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
                                                                                    • Instruction Fuzzy Hash: 3F515772606B81A2EB509F11E4887AE37A8FB48BC9F455235DEAD07394DF3CE454D380
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$duration >= 0$in_ts != ((int64_t)0x8000000000000000ULL)$src/libavutil/mathematics.c
                                                                                    • API String ID: 4206212132-3367517387
                                                                                    • Opcode ID: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
                                                                                    • Instruction ID: a220ad75fe4174db1dc8ad879fddbcbfd2662f9849824d0c0496ac1694597c68
                                                                                    • Opcode Fuzzy Hash: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
                                                                                    • Instruction Fuzzy Hash: E141EA72B0AB8590EA20DF41F9547AEA764FB84BD0F844136EE4D07B99EE7CE141D700
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: !dual_stride || !(dual_stride & (dual_stride - 1))$Assertion %s failed at %s:%d$dual_stride <= basis$src/libavutil/tx.c
                                                                                    • API String ID: 4206212132-1907613106
                                                                                    • Opcode ID: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
                                                                                    • Instruction ID: 76d2e4f359c098cf09a80f0dce5f0e4a657978bf0648c027183b93a92f2bd0b3
                                                                                    • Opcode Fuzzy Hash: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
                                                                                    • Instruction Fuzzy Hash: F031E872A0A685A6E7608F11A4407AF7660FB487D4F544235EEAD03F58DF3CE054DB40
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2300538999.00007FF8A7D50000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300657829.00007FF8A7E15000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300774113.00007FF8A7E16000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300884512.00007FF8A7F53000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300948518.00007FF8A7F58000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F59000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2300972397.00007FF8A7F5C000.00000008.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000007.00000002.2301026975.00007FF8A7F5D000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: none$ntsc
                                                                                    • API String ID: 1004003707-2486863473
                                                                                    • Opcode ID: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
                                                                                    • Instruction ID: f31a7390618ad34bc55fd922b968fde6c3f53bde82c2d0a92b0f4d9f45657c92
                                                                                    • Opcode Fuzzy Hash: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
                                                                                    • Instruction Fuzzy Hash: 3811D372F0A15165EB218F29E8447BE6790EB44BE8F484131EE5C8B398DE3CE591E340
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentDebugOutputStringThread_ultoaabort
                                                                                    • String ID: Error cleaning up spin_keys for thread
                                                                                    • API String ID: 4191895893-2906507043
                                                                                    • Opcode ID: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
                                                                                    • Instruction ID: d873822dbcf524e0b567c479fa3da214c0494a13529d3681aa6fb5e3e92ca4ef
                                                                                    • Opcode Fuzzy Hash: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
                                                                                    • Instruction Fuzzy Hash: D211E2B2B0E682A1FB644F24E41837D1691EF86BE1F984730DA5C4A7D4DE2CEC5AD311
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2301134546.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301373372.00007FF8BFAB8000.00000004.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301404788.00007FF8BFAB9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    • Associated: 00000007.00000002.2301429850.00007FF8BFABC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectSingleWait
                                                                                    • String ID:
                                                                                    • API String ID: 24740636-0
                                                                                    • Opcode ID: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
                                                                                    • Instruction ID: a4823367606b52ddd40bf2a32ccc56a7bb79db44261a902e98051456d8cee3df
                                                                                    • Opcode Fuzzy Hash: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
                                                                                    • Instruction Fuzzy Hash: 9491A822918E4346E73B4BAC941237A73E0BF857E8F546236CB6D466D6EF3CE4428740
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Wait$ObjectSingle$EventMultipleObjectsReset
                                                                                    • String ID:
                                                                                    • API String ID: 654736092-0
                                                                                    • Opcode ID: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
                                                                                    • Instruction ID: b7c9a855f58a6853ac27746c6a4f179e77f0d9a2fd23356579b4d3e3e4f4008b
                                                                                    • Opcode Fuzzy Hash: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
                                                                                    • Instruction Fuzzy Hash: 8B514831F8E50361FEA15A2A940537F0292FF90FDAF994531D94E862D1ED6CA9B3A201
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentThread
                                                                                    • String ID:
                                                                                    • API String ID: 2882836952-0
                                                                                    • Opcode ID: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
                                                                                    • Instruction ID: 6570a40eb0d70f6ae58390ff6fe689de3f52f8d7b0a1ef91fbaa8d12dbf057c1
                                                                                    • Opcode Fuzzy Hash: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
                                                                                    • Instruction Fuzzy Hash: B1310833B4659296FB569F28D94872E2294EF40BE0F844535DF0C86A80EE3CEC92E741
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp
                                                                                    • String ID: %-15s $auto$false$true
                                                                                    • API String ID: 1004003707-1025821387
                                                                                    • Opcode ID: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
                                                                                    • Instruction ID: 34f45bd970e81b3bd4b90ebee44541aa9e21f0033cf0ab27b69379823aa44d18
                                                                                    • Opcode Fuzzy Hash: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
                                                                                    • Instruction Fuzzy Hash: 08315032A0B642AAEB609F11A2413FE2365FF40BC1F445136DA6D47699DF3CF460E780
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$Leave$EnterReleaseSemaphore
                                                                                    • String ID:
                                                                                    • API String ID: 2813224205-0
                                                                                    • Opcode ID: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
                                                                                    • Instruction ID: 26fbce89fe8708d63bf7db2c87d4407900fa129886ac193ca16d121848ce7d28
                                                                                    • Opcode Fuzzy Hash: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
                                                                                    • Instruction Fuzzy Hash: 9D01F123F1621A93EB458F2ABC912699280FF99BE6F849636CD0E42750DD3C9DC2D300
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Process$CloseCurrentErrorHandleLastOpen_errno
                                                                                    • String ID:
                                                                                    • API String ID: 202612177-0
                                                                                    • Opcode ID: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
                                                                                    • Instruction ID: bbd6010243615727c3e6b8635d41e39141534dcae90205f1cf898979c307e146
                                                                                    • Opcode Fuzzy Hash: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
                                                                                    • Instruction Fuzzy Hash: FAF01260F09E0747FB2C5BED94963346391AF4C799F446438CB2E867D2EE2C68D68710
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_freestrlen
                                                                                    • String ID: Invalid chars '%s' at the end of expression '%s'$d
                                                                                    • API String ID: 1887580107-3215087449
                                                                                    • Opcode ID: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
                                                                                    • Instruction ID: 847f11fe04e46f375a423ad9b595dc8eff9df235f4476fef95241daf600de1c0
                                                                                    • Opcode Fuzzy Hash: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
                                                                                    • Instruction Fuzzy Hash: CBE16E2661AA4691DA10DF1AE49026EAB70FFC5BD0F100232FB9D477AAEF3DE445D740
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$nb_jobs > 0$src/libavutil/slicethread.c
                                                                                    • API String ID: 4206212132-1031856425
                                                                                    • Opcode ID: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
                                                                                    • Instruction ID: 4a788dbdf0d405a005f63fbe3e94187e6f6abcfaa2ec4ebf83c271aa0743e9c8
                                                                                    • Opcode Fuzzy Hash: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
                                                                                    • Instruction Fuzzy Hash: A141C637B06A41A6EB24DF29E44066EB7A1FB84BD8F588139CE5D03A54DF3DE442D740
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strspn$strlen
                                                                                    • String ID:
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strtol
                                                                                    • String ID: Unable to parse option value "%s" as %s$Value %d for parameter '%s' out of %s format range [%d - %d]$none
                                                                                    APIs
                                                                                    • avformat_new_stream.AVFORMAT-60(?,?,?,00007FF65EE112F1), ref: 00007FF65EE129AD
                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF65EE112F1), ref: 00007FF65EE129C0
                                                                                    • fprintf.MSPDB140-MSVCRT ref: 00007FF65EE129D3
                                                                                      • Part of subcall function 00007FF65EE12320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF65EE129D8,?,?,?,00007FF65EE112F1), ref: 00007FF65EE12357
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2294622948.00007FF65EE11000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF65EE10000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff65ee10000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func__stdio_common_vfprintfavformat_new_streamfprintf
                                                                                    • String ID: Couldn't create stream for encoder '%s'
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strtol
                                                                                    • String ID: Disabling use of CUDA primary device context$Using CUDA primary device context$primary_ctx
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$buf$src/libavutil/buffer.c
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$src/libavutil/mem.c$val || !min_size
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$cur_size >= size$src/libavutil/fifo.c
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectSingleWait$EventReset
                                                                                    • String ID:
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep_amsg_exit
                                                                                    • String ID:
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strlen$strchr
                                                                                    • String ID: ALL
                                                                                    • API String ID: 3013107155-2914988887
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseHandle$ResumeThread_beginthreadexfreemalloc
                                                                                    • String ID:
                                                                                    • API String ID: 1141387253-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Thread$ObjectResumeSingleSuspendWait
                                                                                    • String ID:
                                                                                    • API String ID: 879609812-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Byte$CharLeadMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 2561704868-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Time$FileSystem_errno
                                                                                    • String ID:
                                                                                    • API String ID: 3586254970-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: Handle$Close$InformationObjectSingleValueWait
                                                                                    • String ID:
                                                                                    • API String ID: 3336430066-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free_aligned_mallocmemset
                                                                                    • String ID:
                                                                                    • API String ID: 881591362-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strlen$strchrstrcmp
                                                                                    • String ID: yuv420p
                                                                                    • API String ID: 3490844034-503634524
                                                                                    APIs
                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFAB1B64,?,?,?,?,?,00000002,00000000,00007FF8BFAB4983), ref: 00007FF8BFAB5F1E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID:
                                                                                    • API String ID: 2918714741-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_free
                                                                                    • String ID:
                                                                                    • API String ID: 2229574080-0
                                                                                    • Opcode ID: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
                                                                                    • Instruction ID: cb9efde2f1a9eb750afd0aa638b619faea197a2efc777920dd70d62a42f97063
                                                                                    • Opcode Fuzzy Hash: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
                                                                                    • Instruction Fuzzy Hash: 6A110A22F1770223E955AF099449B7E129AEF887E0F000B35DE5D0B386DE38DC40D380
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _endthreadex$Valuefree
                                                                                    • String ID:
                                                                                    • API String ID: 1763976194-0
                                                                                    • Opcode ID: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
                                                                                    • Instruction ID: 7b708ce0f738c212b445034b11356fd03f346b3f1f2fad459ab3222d343ff0a1
                                                                                    • Opcode Fuzzy Hash: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
                                                                                    • Instruction Fuzzy Hash: FC214F36604F0286DB149F6DE89116D7364FB88BA8B242235DF6E473A6DF3DD896C700
                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(?,?,?,00007FF8BFAB1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFAB4983), ref: 00007FF8BFAB5D3C
                                                                                      • Part of subcall function 00007FF8BFAB2F10: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,00000018,00007FF8BFAB25B8), ref: 00007FF8BFAB2FFF
                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFAB1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFAB4983), ref: 00007FF8BFAB5D54
                                                                                    • Sleep.KERNEL32(?,?,?,00007FF8BFAB1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFAB4983), ref: 00007FF8BFAB5D92
                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BFAB1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFAB4983), ref: 00007FF8BFAB5DA9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2301259236.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8bfab0000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseEventHandleSleep_errnofree
                                                                                    • String ID:
                                                                                    • API String ID: 1909294951-0
                                                                                    • Opcode ID: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
                                                                                    • Instruction ID: 16089c0a818669f6ae9d1fac51722cf358e21893fbfd9a45d0bc1bd6f536e98d
                                                                                    • Opcode Fuzzy Hash: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
                                                                                    • Instruction Fuzzy Hash: 5A116331609E4386EB28DFA9E45627A63A0EF447C8F546531D75E47AE7DF3CE4428700
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: log
                                                                                    • API String ID: 2918714741-2403297477
                                                                                    • Opcode ID: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
                                                                                    • Instruction ID: 39db70e4288b22292b48a8025666c7839310a7aa017feed5a93aa972146b436a
                                                                                    • Opcode Fuzzy Hash: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
                                                                                    • Instruction Fuzzy Hash: 5D210632D1EB4692E7029F34A45027F6721FFD5B88F509338E69D05699DF6DE0A1AB00
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: cos
                                                                                    • API String ID: 2918714741-2662988677
                                                                                    • Opcode ID: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
                                                                                    • Instruction ID: c0e8beb2ad6221bc11137eb839fff04e7ad51c766e3ea9fe80710d116ab1392c
                                                                                    • Opcode Fuzzy Hash: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
                                                                                    • Instruction Fuzzy Hash: D6212F62D1EB8682EB029F38A40027F6321FFD2348F149334FAD91569ADF6DE0E59700
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _errno
                                                                                    • String ID: sin
                                                                                    • API String ID: 2918714741-3083047850
                                                                                    • Opcode ID: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
                                                                                    • Instruction ID: 78687ce15dbb7ef510f38e82fe69d564589c4829eca5da46205f8b96cfa0a952
                                                                                    • Opcode Fuzzy Hash: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
                                                                                    • Instruction Fuzzy Hash: 65210072D0EB8592EB028F39A40127F6321EFD1348F109334FA991559ADF6DE0E19B10
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: strftime
                                                                                    • String ID: %Y-%m-%dT%H:%M:%S$.%06dZ
                                                                                    • API String ID: 1100141660-930656424
                                                                                    • Opcode ID: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
                                                                                    • Instruction ID: 466bf317f283d3626d212195203d15edc93ec61cc37b45fd650820f53045aac2
                                                                                    • Opcode Fuzzy Hash: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
                                                                                    • Instruction Fuzzy Hash: 1111026271A64224EA519E267C01AEA5611EB49BF4F885332FD3D6B7D9DD3CE041A300
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: _aligned_malloc
                                                                                    • String ID: Microsoft Primitive Provider
                                                                                    • API String ID: 175129771-4132848957
                                                                                    • Opcode ID: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
                                                                                    • Instruction ID: e3a159b789b874825a24829edc4ad48605f8694d0cefd48aede464b55fda3d4a
                                                                                    • Opcode Fuzzy Hash: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
                                                                                    • Instruction Fuzzy Hash: DFF0BE11F0B15622FD949A93A802BB84381DF58BE4D484935DE2C5B785EC3CA882E744
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: abort
                                                                                    • String ID: Assertion %s failed at %s:%d$src/libavutil/crc.c
                                                                                    • API String ID: 4206212132-3600904276
                                                                                    • Opcode ID: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
                                                                                    • Instruction ID: 0032976691081747a848e96e384391e488417eea3e7e79e6c94d5b1f56b3c924
                                                                                    • Opcode Fuzzy Hash: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
                                                                                    • Instruction Fuzzy Hash: 77E0E5B1A0B646B1E704AF50E0422FD2362EF18780F408536D14C02365CE3CE214D710
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                    • String ID:
                                                                                    • API String ID: 3168844106-0
                                                                                    • Opcode ID: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
                                                                                    • Instruction ID: 8b5c5bb3318c63f386ac2718d881c7339e325b27f2877738fc84facee837193f
                                                                                    • Opcode Fuzzy Hash: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
                                                                                    • Instruction Fuzzy Hash: 29316272B156429AEB94CF31D41076E6390FB40FACF588232DD294A784DF3CD8A6D750
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                    • String ID:
                                                                                    • API String ID: 3168844106-0
                                                                                    • Opcode ID: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
                                                                                    • Instruction ID: f6b8e5d2c0aa1e4a85a8957c82b346113a383d35e919b9b76291a0a910922a0c
                                                                                    • Opcode Fuzzy Hash: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
                                                                                    • Instruction Fuzzy Hash: FD317073B0A2429AEB54CF34D40026D33A1FB44F99F588635CD198A788DF3CD896DB50
                                                                                    APIs
                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07BB6
                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07BDB
                                                                                    • EnterCriticalSection.KERNEL32(?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07C0C
                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00007FF8A7E07EA7,?,?,?,?,?,?,?,?,00007FF8A7D91502), ref: 00007FF8A7E07C16
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2300563440.00007FF8A7D51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7D50000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_7_2_7ff8a7d50000_obs-ffmpeg-mux.jbxd
                                                                                    Similarity
                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                    • String ID:
                                                                                    • API String ID: 3168844106-0
                                                                                    • Opcode ID: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
                                                                                    • Instruction ID: 5ea8e48f79a2700d39c0d3096f739acf2391402d94469b7f2c74ab70faa7e31a
                                                                                    • Opcode Fuzzy Hash: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
                                                                                    • Instruction Fuzzy Hash: D801D422B0A655A9EA159B33AC40A2E5750FB98FDAF455031DD0D07300CD3CD452A740

                                                                                    Execution Graph

                                                                                    Execution Coverage:3.4%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:700
                                                                                    Total number of Limit Nodes:1
__vcrt_InitializeCriticalSectionEx 5 API calls 2889->2890 2891 7ff71baa660d TlsAlloc 2890->2891 2893 7ff71baa1b18 _time64 2894 7ff71baa1b34 2893->2894 2894->2894 2895 7ff71baa1bf1 2894->2895 2909 7ff71baa1ee0 2894->2909 2897 7ff71baa2230 22 API calls 2895->2897 2898 7ff71baa1c34 BuildCatchObjectHelperInternal 2895->2898 2897->2898 2899 7ff71baa1da2 _invalid_parameter_noinfo_noreturn 2898->2899 2901 7ff71baa18a0 2898->2901 2900 7ff71baa1da9 WSAGetLastError 2899->2900 2902 7ff71baa1450 6 API calls 2900->2902 2903 7ff71baa1dd0 2901->2903 2905 7ff71baa1d76 2901->2905 2906 7ff71baa20c0 21 API calls 2901->2906 2902->2905 2908 7ff71baa1450 6 API calls 2903->2908 2904 7ff71baa2660 __GSHandlerCheck_EH 8 API calls 2907 7ff71baa1d87 2904->2907 2905->2904 2906->2901 2908->2905 2911 7ff71baa1f25 2909->2911 2922 7ff71baa1f04 BuildCatchObjectHelperInternal 2909->2922 2910 7ff71baa2031 2912 7ff71baa17e0 21 API calls 2910->2912 2911->2910 2913 7ff71baa1f74 2911->2913 2916 7ff71baa1fa9 2911->2916 2914 7ff71baa2036 2912->2914 2913->2914 2915 7ff71baa2690 5 API calls 2913->2915 2917 7ff71baa1720 Concurrency::cancel_current_task 4 API calls 2914->2917 2921 7ff71baa1f92 BuildCatchObjectHelperInternal 2915->2921 2919 7ff71baa2690 5 API calls 2916->2919 2916->2921 2920 7ff71baa203c 2917->2920 2918 7ff71baa202a _invalid_parameter_noinfo_noreturn 2918->2910 2919->2921 2921->2918 2921->2922 2922->2895 2923 7ff71baa191a 2924 7ff71baa194d 2923->2924 2926 7ff71baa18a0 2923->2926 2925 7ff71baa20c0 21 API calls 2924->2925 2925->2926 2927 7ff71baa1dd0 2926->2927 2929 7ff71baa20c0 21 API calls 2926->2929 2932 7ff71baa1d76 2926->2932 2931 7ff71baa1450 6 API calls 2927->2931 2928 7ff71baa2660 __GSHandlerCheck_EH 8 API calls 2930 7ff71baa1d87 2928->2930 2929->2926 2931->2932 2932->2928 2933 7ff71baa291a 2934 7ff71baa3020 __scrt_is_managed_app GetModuleHandleW 2933->2934 2935 7ff71baa2921 2934->2935 2936 7ff71baa2960 _exit 2935->2936 2937 7ff71baa2925 2935->2937 3119 7ff71baa7559 3122 7ff71baa4158 
3119->3122 3123 7ff71baa4170 3122->3123 3124 7ff71baa4182 3122->3124 3123->3124 3125 7ff71baa4178 3123->3125 3126 7ff71baa43d0 _CreateFrameInfo 10 API calls 3124->3126 3128 7ff71baa43d0 _CreateFrameInfo 10 API calls 3125->3128 3131 7ff71baa4180 3125->3131 3127 7ff71baa4187 3126->3127 3129 7ff71baa43d0 _CreateFrameInfo 10 API calls 3127->3129 3127->3131 3130 7ff71baa41a7 3128->3130 3129->3131 3132 7ff71baa43d0 _CreateFrameInfo 10 API calls 3130->3132 3133 7ff71baa41b4 terminate 3132->3133

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
                                                                                    • String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
                                                                                    • API String ID: 2647627392-2367407095
                                                                                    • Opcode ID: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
                                                                                    • Instruction ID: e9c01a7ce219a020f3db00d408769b56a5a66af3f7ae188c79280e7fcc60ed2d
                                                                                    • Opcode Fuzzy Hash: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
                                                                                    • Instruction Fuzzy Hash: D3A16451D0CE8265FB61AF399410A79EAA4AB46FB4FC46335C94E065B5DE3CF44C83B0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                                                    • String ID:
                                                                                    • API String ID: 2308368977-0
                                                                                    • Opcode ID: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
                                                                                    • Instruction ID: 54e8fbf9333a7a78247788031cc053e69bda869134567d90cb0fdb53f608504a
                                                                                    • Opcode Fuzzy Hash: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
                                                                                    • Instruction Fuzzy Hash: 58310B21E0CB1641FA14BB399451BB9D291AF45FA4FC47239E90D072B7DE6CE85C82F0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                                                    • String ID: [createdump]
                                                                                    • API String ID: 3735572767-2657508301
                                                                                    • Opcode ID: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
                                                                                    • Instruction ID: 75569e7231c1830acc4a4ea9127d985adde12519591a923ce2b35b674fd471a1
                                                                                    • Opcode Fuzzy Hash: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
                                                                                    • Instruction Fuzzy Hash: 1A018F25A08F4192E600AB65F81597AE364EF84FE0F805238DA9E03775CF3CD46DC3A0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 3140674995-0
                                                                                    • Opcode ID: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
                                                                                    • Instruction ID: 5eae15f94dd2063a55d66c392e056557a3bf4c54d3302ce309342b74925e1ca2
                                                                                    • Opcode Fuzzy Hash: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
                                                                                    • Instruction Fuzzy Hash: 5E316F72609F8196EB609F74E8407EEB361FB84B54F80513ADA4E57AA4EF38C54CC760

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA242D
                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA243B
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1475
                                                                                      • Part of subcall function 00007FF71BAA1450: fprintf.MSPDB140-MSVCRT ref: 00007FF71BAA1485
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1494
                                                                                      • Part of subcall function 00007FF71BAA1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14B3
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14BE
                                                                                      • Part of subcall function 00007FF71BAA1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14C7
                                                                                    • K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA2466
                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA2470
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA2487
                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF71BAA25F3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
                                                                                    • String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
                                                                                    • API String ID: 3971781330-1292085346
                                                                                    • Opcode ID: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
                                                                                    • Instruction ID: 997cc46394fd366d3c93712a78d3e61564f32426c9eda9a4936d264d6db9648f
                                                                                    • Opcode Fuzzy Hash: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
                                                                                    • Instruction Fuzzy Hash: 59616731A08F4291E610AB29E450A7AE761FB45FB4F901234DA9E03AB5DF3DE459C7B0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                    • String ID: csm$csm$csm
                                                                                    • API String ID: 695522112-393685449
                                                                                    • Opcode ID: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
                                                                                    • Instruction ID: 57d88fb02f4208f90b66e8beb4b7a27f1e9b7392259dbc722638f1ecb5fe78aa
                                                                                    • Opcode Fuzzy Hash: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
                                                                                    • Instruction Fuzzy Hash: A1E1B832908E8289E710AF39D4407ADB7A0FB44F68F545235EA8D477A5DF38E549C7B0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                                                    • String ID: [createdump]
                                                                                    • API String ID: 3735572767-2657508301
                                                                                    • Opcode ID: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
                                                                                    • Instruction ID: 054b5ddde1448e8a06055ae56fadfe6db6f29acf2e8cd2b6ac8a62e6068f6ca3
                                                                                    • Opcode Fuzzy Hash: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
                                                                                    • Instruction Fuzzy Hash: 98012C35A08F4192E600AB65F8149AAF360EB95FE1F805235DA9D037758F7CD4ADC7A0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • WSAStartup.WS2_32 ref: 00007FF71BAA186C
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1475
                                                                                      • Part of subcall function 00007FF71BAA1450: fprintf.MSPDB140-MSVCRT ref: 00007FF71BAA1485
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1494
                                                                                      • Part of subcall function 00007FF71BAA1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14B3
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14BE
                                                                                      • Part of subcall function 00007FF71BAA1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14C7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
                                                                                    • String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
                                                                                    • API String ID: 3378602911-3973674938
                                                                                    • Opcode ID: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
                                                                                    • Instruction ID: 3c3f28b663d7a0ed2efa17f16d0dba97ed42e44fbad38891d23eadaeca332bfe
                                                                                    • Opcode Fuzzy Hash: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
                                                                                    • Instruction Fuzzy Hash: C831F962E08E8166E7559F2E9854BF9A751BB4ABE4FC41236DD4D033A1CE3CE049C370

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF71BAA669F,?,?,?,00007FF71BAA441E,?,?,?,00007FF71BAA43D9), ref: 00007FF71BAA651D
                                                                                    • GetLastError.KERNEL32(?,00000000,00007FF71BAA669F,?,?,?,00007FF71BAA441E,?,?,?,00007FF71BAA43D9,?,?,?,?,00007FF71BAA3524), ref: 00007FF71BAA652B
                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00007FF71BAA669F,?,?,?,00007FF71BAA441E,?,?,?,00007FF71BAA43D9,?,?,?,?,00007FF71BAA3524), ref: 00007FF71BAA6555
                                                                                    • FreeLibrary.KERNEL32(?,00000000,00007FF71BAA669F,?,?,?,00007FF71BAA441E,?,?,?,00007FF71BAA43D9,?,?,?,?,00007FF71BAA3524), ref: 00007FF71BAA659B
                                                                                    • GetProcAddress.KERNEL32(?,00000000,00007FF71BAA669F,?,?,?,00007FF71BAA441E,?,?,?,00007FF71BAA43D9,?,?,?,?,00007FF71BAA3524), ref: 00007FF71BAA65A7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                    • String ID: api-ms-
                                                                                    • API String ID: 2559590344-2084034818
                                                                                    • Opcode ID: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
                                                                                    • Instruction ID: 29a44bb979c48ee8b5551248491109b8cda6128438a20507aa87f188d51464d5
                                                                                    • Opcode Fuzzy Hash: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
                                                                                    • Instruction Fuzzy Hash: 7031B321A09E4291EE61BB2D9800975A294FF88F70F996735ED1D467A4DF3CE04887B0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: _time64
                                                                                    • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                                    • API String ID: 1670930206-4114407318
                                                                                    • Opcode ID: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
                                                                                    • Instruction ID: f5fbdbebfd1cbe7803b8af662876d6a238a994ddc5c62194ff957a17d6bba612
                                                                                    • Opcode Fuzzy Hash: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
                                                                                    • Instruction Fuzzy Hash: FB51F462A18F8156EB009F3DD450BA9A7A4EB46BE0F801235DA5D13BF5DF3CE049D3A0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: EncodePointerabort
                                                                                    • String ID: MOC$RCC
                                                                                    • API String ID: 1188231555-2084237596
                                                                                    • Opcode ID: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
                                                                                    • Instruction ID: 89c7fbe0ef21c723264d638463366193139488a6dabbb07f416ccbf25d1af509
                                                                                    • Opcode Fuzzy Hash: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
                                                                                    • Instruction Fuzzy Hash: 0691D573A04F818AE710DB78D4806ADBBA0F704B98F54523AEB8D17B64DF38D159C760

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __except_validate_context_recordabort
                                                                                    • String ID: csm$csm
                                                                                    • API String ID: 746414643-3733052814
                                                                                    • Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                                                    • Instruction ID: 95f7819e6fe72f7d7a810742a136da6c3c134f74132056bcae6a8aba902f03e2
                                                                                    • Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                                                    • Instruction Fuzzy Hash: 7971D732508A828AD7246F39D050B7DBBA1FB40FA5F889235DA8D07AA5CF3CD455C7A4

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                                    • API String ID: 0-4114407318
                                                                                    • Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                                                    • Instruction ID: 4b5b3a9d0fa2004fee1696cbe397765b692dd7dd6cbb68bbff3a8c8aad66cac8
                                                                                    • Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                                                    • Instruction Fuzzy Hash: 3451DA32A18F8556D7109B3ED440BAAA751EB82BE0F801235DA9D17BE5CF3DE045D7A0

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFrameInfo__except_validate_context_record
                                                                                    • String ID: csm
                                                                                    • API String ID: 2558813199-1018135373
                                                                                    • Opcode ID: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
                                                                                    • Instruction ID: f9bce86a1fb0c2ca1dec3e1392194335f2c3ab4bcb92d66742290acf4e987f6b
                                                                                    • Opcode Fuzzy Hash: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
                                                                                    • Instruction Fuzzy Hash: 20516332618F4186D620BB29E04066EB7B4FB88FA4F542635EB8D07B65CF7CD464CB60
                                                                                    APIs
                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 00007FF71BAA17EB
                                                                                    • WSAStartup.WS2_32 ref: 00007FF71BAA186C
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1475
                                                                                      • Part of subcall function 00007FF71BAA1450: fprintf.MSPDB140-MSVCRT ref: 00007FF71BAA1485
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA1494
                                                                                      • Part of subcall function 00007FF71BAA1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14B3
                                                                                      • Part of subcall function 00007FF71BAA1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14BE
                                                                                      • Part of subcall function 00007FF71BAA1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF71BAA14C7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
                                                                                    • String ID: --name$Pipe syntax in dump name not supported$string too long
                                                                                    • API String ID: 1412700758-3183687674
                                                                                    • Opcode ID: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
                                                                                    • Instruction ID: 9bef4db2a6d425670f05a2266fa7f946c610855b2ef899ccba630f56c3f2d88a
                                                                                    • Opcode Fuzzy Hash: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
                                                                                    • Instruction Fuzzy Hash: DE01B932A14D81A5F761AF26EC41BA6E754BB49BE4F801135DE0D06661CE3CD499C760
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLastgethostname
                                                                                    • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                                    • API String ID: 3782448640-4114407318
                                                                                    • Opcode ID: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
                                                                                    • Instruction ID: 4d52d54219450e1bd8bc5ed4eb0d63e3b931b8089ef1c65de59acda718d0c25e
                                                                                    • Opcode Fuzzy Hash: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
                                                                                    • Instruction Fuzzy Hash: 3E11EB11A09A4255E644BB39A450BBAA240DF86FF4F803335D95F172F5DE3CE44A43F0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: terminate
                                                                                    • String ID: MOC$RCC$csm
                                                                                    • API String ID: 1821763600-2671469338
                                                                                    • Opcode ID: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
                                                                                    • Instruction ID: 82e19d9bcfc4180008a1c7d3326e8f09bfa9aa772b45e276a46ef8e82fd7fad9
                                                                                    • Opcode Fuzzy Hash: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
                                                                                    • Instruction Fuzzy Hash: 47F08136908E4681E3647B79A14247CB664EF58F58F886632E70806262CF7CE4A486B1
                                                                                    APIs
                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF71BAA18EE), ref: 00007FF71BAA21E0
                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF71BAA221E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                    • String ID: Invalid process id '%d' error %d
                                                                                    • API String ID: 73155330-4244389950
                                                                                    • Opcode ID: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
                                                                                    • Instruction ID: 1ca9082e7b4a3bed4bf3401b474b6a9748d3b6da91096b07013a42961a1ca8f2
                                                                                    • Opcode Fuzzy Hash: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
                                                                                    • Instruction Fuzzy Hash: 7B310532709B9195EA10AF3995446B9E7A1EB05FE0F841732DB5D07BE5CE7CE06883B0
                                                                                    APIs
                                                                                    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF71BAA173F), ref: 00007FF71BAA3FC8
                                                                                    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF71BAA173F), ref: 00007FF71BAA400E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2294672268.00007FF71BAA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71BAA0000, based on PE: true
                                                                                    • Associated: 00000008.00000002.2294648219.00007FF71BAA0000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294699710.00007FF71BAA8000.00000002.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294728339.00007FF71BAAC000.00000004.00000001.01000000.00000007.sdmp
                                                                                    • Associated: 00000008.00000002.2294753149.00007FF71BAAD000.00000002.00000001.01000000.00000007.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ff71baa0000_createdump.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                    • String ID: csm
                                                                                    • API String ID: 2573137834-1018135373
                                                                                    • Opcode ID: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
                                                                                    • Instruction ID: 633da32e5e7569688e9c598ef986115121d4d9439293fac1a5eefb70006c52ee
                                                                                    • Opcode Fuzzy Hash: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
                                                                                    • Instruction Fuzzy Hash: 50116D32618F4182EB119B29F440669B7E0FB88F94F585230EE8D07B68DF3CC459C750