Snoozegnat.7z Here

: Creation of temporary .tmp files in the %AppData% directory that match the size of your system's ntdll.dll . Conclusion & Mitigation

Upon extracting the archive, we find a multi-stage execution chain designed to evade detection by standard Windows Defender signatures. The archive contains: SnoozeGnat.7z

: The legitimate launcher looks for its required library. Because gnat_api.dll is in the same folder, it loads the malicious version instead of the system version. : Creation of temporary