Edit tour

Windows Analysis Report
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

Overview

General Information

Sample URL:	https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
Analysis ID:	1420288
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Modifies the windows firewall

Uses netsh to modify the Windows network and firewall settings

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses Microsoft's Enhanced Cryptographic Provider

Uses taskkill to terminate processes

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 5428 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wget.exe (PID: 3704 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe (PID: 2800 cmdline: "C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" MD5: E1C148070E7E9856B50B4AB3AA6C096B)

taskkill.exe (PID: 4480 cmdline: taskkill /im SRTMiniServer.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6888 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SRTMiniServer\post_install.cmd"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 1720 cmdline: netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

SRTMiniServer.exe (PID: 792 cmdline: "C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" MD5: D7C8D83952710C569E3671A42CF71773)

cleanup

Sigma Signatures

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1596, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1, ProcessId: 5428, ProcessName: cmd.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D011030 ?fromStdString@QString@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z,?fromStdString@QString@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z,?toULongLong@QString@@QEBA_KPEA_NH@Z,??0QByteArray@@QEAA@AEBV0@@Z,?fromUtf8@QString@@SA?AV1@PEBDH@Z,?append@QString@@QEAAAEAV1@AEBV1@@Z,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ,?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z,?toHex@QByteArray@@QEBA?AV1@XZ,??0QString@@QEAA@AEBVQByteArray@@@Z,??1QByteArray@@QEAA@XZ,??1QByteArray@@QEAA@XZ,??1QByteArray@@QEAA@XZ,??8@YA_NAEBVQString@@0@Z,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,	15_2_00007FF60D011030
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D046870 ??0QByteArray@@QEAA@XZ,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,??0QVariant@@QEAA@XZ,?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z,?toString@QVariant@@QEBA?AVQString@@XZ,??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z,??1QString@@QEAA@XZ,??1QVariant@@QEAA@XZ,??1QVariant@@QEAA@XZ,??1QString@@QEAA@XZ,?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ,?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z,??1QByteArray@@QEAA@XZ,?toHex@QByteArray@@QEBA?AV1@XZ,??4QString@@QEAAAEAV0@AEBVQByteArray@@@Z,??1QByteArray@@QEAA@XZ,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??1QDebug@@QEAA@XZ,??0QByteArray@@QEAA@AEBV0@@Z,??1QByteArray@@QEAA@XZ,??1QSettings@@UEAA@XZ,??1QString@@QEAA@XZ,??1QString@@QEAA@XZ,	15_2_00007FF60D046870
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66AF770 ??0QUrl@@QEAA@AEBV0@@Z,??0QString@@QEAA@XZ,?setPassword@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z,??1QString@@QEAA@XZ,??0QString@@QEAA@XZ,?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z,??1QString@@QEAA@XZ,??0QCryptographicHash@@QEAA@W4Algorithm@0@@Z,?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z,?addData@QCryptographicHash@@QEAAXAEBVQByteArray@@@Z,??1QByteArray@@QEAA@XZ,?result@QCryptographicHash@@QEBA?AVQByteArray@@XZ,?constData@QString@@QEBAPEBVQChar@@XZ,?number@QByteArray@@SA?AV1@_JH@Z,?left@QByteArray@@QEBA?AV1@H@Z,??1QByteArray@@QEAA@XZ,??1QByteArray@@QEAA@XZ,?size@QString@@QEBAHXZ,?at@QByteArray@@QEBADH@Z,?size@QString@@QEBAHXZ,?constData@QString@@QEBAPEBVQChar@@XZ,?constData@QString@@QEBAPEBVQChar@@XZ,?number@QString@@SA?AV1@IH@Z,?size@QString@@QEBAHXZ,??0QString@@QEAA@HW4Initialization@Qt@@@Z,?constData@QString@@QEBAPEBVQChar@@XZ,?size@QString@@QEBAHXZ,?constData@QString@@QEBAPEBVQChar@@XZ,memcpy,??0QChar@@QEAA@UQLatin1Char@@@Z,?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z,?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z,??1QString@@QEAA@XZ,??1QByteArray@@QEAA@XZ,??1QCryptographicHash@@QEAA@XZ,??1QUrl@@QEAA@XZ,	15_2_00007FFDF66AF770

Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_0d159b48-0

Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libcrypto-1_1-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.00000000029CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SRTMiniServer.exe, 0000000F.00000002.3099127380.00007FFE120C5000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: msvcrt.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2089562175.0000000002705000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb8 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\Objects\MPlatform\x64\ReleasePX\MLProxy.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbSS source: SRTMiniServer.exe, 0000000F.00000002.3098379559.00007FFE0CFD9000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.SRT.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-sdiout\release\SDIOutAddon.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavcodec\avcodec-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2039719264.0000000002D8D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2102576289.0000000002701000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099769472.00007FFE1A455000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\DEV\build-confaddon\release\Conference.pdbPP) source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2i-x64\out32dll\ssleay32.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2093942975.0000000002701000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3098539160.00007FFE0E161000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavformat\avformat-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.0000000002A09000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.GPU.x64.pdb? source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2085733686.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_43.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2104648764.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\Development\winsparkle\x64\Release\WinSparkle.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-sdiout\release\SDIOutAddon.pdb99) source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2101285682.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavutil\avutil-56.pdbl source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavfilter\avfilter-7.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2062619979.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2088538506.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\build-confaddon\release\Conference.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libssl-1_1-x64.pdb?? source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_43.pdbH source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2104648764.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2101285682.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbF source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002BB1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashRpt1403.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1966774367.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099567751.00007FFE1323A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: msvcp140.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2087340958.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameData.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb!! source: SRTMiniServer.exe, 0000000F.00000002.3099127380.00007FFE120C5000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002BB1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SRTMiniServer.exe, 0000000F.00000002.3097531375.00007FFDFF173000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb11 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *.pdb source: SRTMiniServer.exe, 0000000F.00000002.3086834020.00000246CEBF4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.Core.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: yC:\DEV\GA_SRTMINISERVER\build-srtminiserver\bin\SRTMiniServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashRpt1403.pdb$$ source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1966774367.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099567751.00007FFE1323A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavdevice\avdevice-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2053590759.000000000278F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Code\TriCaster\NDI 4\Bin64\Release\Processing.NDI.Lib.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2004179942.000000000270C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libssl-1_1-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SRTMiniServer.exe, 0000000F.00000002.3098936268.00007FFE11EA4000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb++ source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3098539160.00007FFE0E161000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.FFM.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002B8D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.000000000294E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.amd64.pdbGCTL source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2087340958.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502OpenSSL 1.1.1d 10 Sep 2019built on: Wed Sep 11 13:24:44 2019 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.000000000294E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbCC source: SRTMiniServer.exe, 0000000F.00000002.3097531375.00007FFDFF173000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-srtminiserver\bin\SRTMiniServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-3.1.2-temp_64\libcrypto-3-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002C25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.SRT.x64.pdb] source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\Objects\MPlatform\x64\ReleasePX\MServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libswresample\swresample-3.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2095719882.0000000002789000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3088799008.00007FFDF6652000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libswscale\swscale-5.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2099488639.0000000002815000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavutil\avutil-56.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Device.AJA.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502OpenSSL 3.1.2 1 Aug 20233.1.2built on: Wed Aug 2 14:43:24 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdupcrypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sepcrypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramossl_param_build_set_bn_padcrypto\param_build_set.ccopy_integercrypto\params.cunsigned_from_signedgeneral_get_intgeneral_set_intgeneral_get_uintgeneral_set_uintOSSL_PARAM_get_int32OSSL_PARAM_set_int32OSSL_PARA
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.GPU.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002702000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3090610938.00007FFDF774D000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashSender1403.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SRTMiniServer.exe, 0000000F.00000002.3098379559.00007FFE0CFD9000.00000002.00000001.01000000.00000026.sdmp

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Code function: 15_2_00007FF60CFCCE40 srt_getsockstate,srt_recv,_Mtx_lock,_Mtx_unlock,_Mtx_unlock,srt_getsockstate,srt_getlasterror_str,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,_Mtx_lock,_Mtx_unlock,??1QString@@QEAA@XZ,?_Throw_C_error@std@@YAXH@Z,?_Throw_C_error@std@@YAXH@Z,srt_getsockstate,srt_recv,_Mtx_lock,_Mtx_unlock,_Mtx_unlock,srt_getsockstate,srt_getlasterror_str,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,_Mtx_lock,_Mtx_unlock,??1QString@@QEAA@XZ,?_Throw_C_error@std@@YAXH@Z,?_Throw_C_error@std@@YAXH@Z,

15_2_00007FF60CFCCE40

Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: 04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)

Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://bugreports.qt.io/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/crashrpt/wiki/FAQ
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://core1.garaninapps.com/api/dns/reg2
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://core1.garaninapps.com/api/dns/reg2SHOW_DYNDNSERROR
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://core1.garaninapps.com/api/srtproxy/list
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837570647.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.000000000297F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dashif.org/guidelines/trickmode
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://downloads.garaninapps.com/srtminiserver_win.json
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://downloads.garaninapps.com/srtminiserver_win.jsonQMenuBar
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://garaninapps.com/rtmpminiserver/help/testndi
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://https://%02d:%02d:%02d%ws%02d.%d%02d:%02d:%02d%ws%02d%s..%s(%ws)F%05XGUID_NULLcbuffer
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: http://keys3.garaninapps.com
Source: SRTMiniServer.exe, 0000000F.00000002.3087743351.00000246CF05E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://keys3.garaninapps.com/134
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://keys3.garaninapps.comhttps://srtminiserver.com/trial-info/https://srtminiserver.com/store.htm
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2004179942.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://new.tk/ndisdk_license/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000000.1859842351.0000000000409000.00000008.00000001.01000000.00000004.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000000.1859842351.0000000000409000.00000008.00000001.01000000.00000004.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837570647.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837570647.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.000000000297F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t2.symcb.com0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcd.com0&
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://video1.sdpv=0video2.sdptxvideo3.sdp1video4.sdpVIDaudio1.sdp2audio2.sdpVIDaudio3.sdp/audio4.sd
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3089926205.00007FFDF715F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#installerArguments
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#minimumSystemVersion
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#os
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.a
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#version
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3089926205.00007FFDF715F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.color.org)
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gimp.org/xmp/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.medialooks.com/extend_trialopenhttp://www.medialooks.com/cancel_trial_pDevChild
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2093942975.0000000002701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.smpte-ra.org/schemas/434/2006/groups/S377M/2004
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.smpte-ra.org/schemas/434/2006/groups/S380M/2004
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.smpte-ra.org/schemas/434/2006/multiplex/S377M/2004
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.smpte-ra.org/schemas/434/2006/properties/S335M
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.smpte-ra.org/schemas/434/2006/types/S377M/2004
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://api.garaninapps.com/api/srt/get_number
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.garaninapps.com/api/srt/get_numberapplication/x-www-form-urlencodedLinkGenerator/URLLink
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2100683220.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/chart/interactive/docs/reference#events
Source: wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
Source: wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeCP
Source: wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeOCESSORZP
Source: wget.exe, 00000002.00000002.1837268025.0000000000B75000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeVP
Source: wget.exe, 00000002.00000002.1837268025.0000000000B75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeYP
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://garaninapps.com/sdioutaddon
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://garaninapps.com/sdioutaddonPlease
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0D
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/custom_proxy_server.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/dynamic_dns.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/help/dynamic_dns.htmlselectedProxyServerautoconnect_proxytab_indexSTART_LI
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/internet_connection_setup.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/larix_broadcaster_setup.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/help/larix_broadcaster_setup.htmlSyncBroadcaster
Source: SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/proxy_addon.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/settings_window.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/stream_to_studio.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/help/stream_to_studio.htmlLarixBroadcaster
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/syncbroadcaster_setup.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/help/syncbroadcaster_setup.htmlRemoteExperthttps://srtminiserver.com/remot
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/help/tv_guest.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/help/tv_guest.htmlStream
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/helpStart1onStartTriggered()2clicked():PREVIEWPreview1onPreviewTriggered()
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/remote_expert.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	String found in binary or memory: https://srtminiserver.com/remoteslides/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, SRTMiniServer.exe, 0000000F.00000002.3086551070.00000246CEAF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/store.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, SRTMiniServer.exe, 0000000F.00000002.3087743351.00000246CF05E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/trial-info/
Source: SRTMiniServer.exe, 0000000F.00000002.3086551070.00000246CEAF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://srtminiserver.com/trial-info/an
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2100683220.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://svg-path-visualizer.netlify.app/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winsparkle.org).
Source: wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837570647.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2100683220.000000000270B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/charts/loader.js
Source: SRTMiniServer.exe	String found in binary or memory: https://www.medialooks.com)
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.medialooks.com)B
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.medialooks.com)D
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.medialooks.com/contacts/label_namecategory_namepurchase_msgcancelG
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002CC7000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/cps0/
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/repository0W

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFE3110	15_2_00007FF60CFE3110
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D03A580	15_2_00007FF60D03A580
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D004110	15_2_00007FF60D004110
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFC1A40	15_2_00007FF60CFC1A40
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02EE40	15_2_00007FF60D02EE40
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D016E60	15_2_00007FF60D016E60
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD8EC0	15_2_00007FF60CFD8EC0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D070D48	15_2_00007FF60D070D48
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD0DD0	15_2_00007FF60CFD0DD0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFE0DD0	15_2_00007FF60CFE0DD0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFFEE20	15_2_00007FF60CFFEE20
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFF6F80	15_2_00007FF60CFF6F80
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFF8FB0	15_2_00007FF60CFF8FB0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D056FD0	15_2_00007FF60D056FD0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFCEFF0	15_2_00007FF60CFCEFF0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFE9000	15_2_00007FF60CFE9000
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D027010	15_2_00007FF60D027010
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFFAA60	15_2_00007FF60CFFAA60
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D070AC8	15_2_00007FF60D070AC8
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFF2B00	15_2_00007FF60CFF2B00
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01CB00	15_2_00007FF60D01CB00
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFCE940	15_2_00007FF60CFCE940
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0109A0	15_2_00007FF60D0109A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFC8C90	15_2_00007FF60CFC8C90
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD8CA0	15_2_00007FF60CFD8CA0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D012CA0	15_2_00007FF60D012CA0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D034CD0	15_2_00007FF60D034CD0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD6D00	15_2_00007FF60CFD6D00
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D074D30	15_2_00007FF60D074D30
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD4B90	15_2_00007FF60CFD4B90
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D024BA0	15_2_00007FF60D024BA0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFF4C00	15_2_00007FF60CFF4C00
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFC6C10	15_2_00007FF60CFC6C10
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D000C20	15_2_00007FF60D000C20
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D070686	15_2_00007FF60D070686
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D05E6B0	15_2_00007FF60D05E6B0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0346E0	15_2_00007FF60D0346E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D008710	15_2_00007FF60D008710
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D03C5E0	15_2_00007FF60D03C5E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFCA630	15_2_00007FF60CFCA630
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D002850	15_2_00007FF60D002850
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D00E860	15_2_00007FF60D00E860
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02C770	15_2_00007FF60D02C770
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02A7B0	15_2_00007FF60D02A7B0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01E7B0	15_2_00007FF60D01E7B0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFCC800	15_2_00007FF60CFCC800
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFD82C0	15_2_00007FF60CFD82C0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0022D0	15_2_00007FF60D0022D0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFFA330	15_2_00007FF60CFFA330
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0121A0	15_2_00007FF60D0121A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0221A0	15_2_00007FF60D0221A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFE01D0	15_2_00007FF60CFE01D0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFC6230	15_2_00007FF60CFC6230
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D00A220	15_2_00007FF60D00A220
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D018220	15_2_00007FF60D018220
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D020470	15_2_00007FF60D020470
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D070470	15_2_00007FF60D070470
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D06A460	15_2_00007FF60D06A460
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01A4B0	15_2_00007FF60D01A4B0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D068520	15_2_00007FF60D068520
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D00C350	15_2_00007FF60D00C350
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFFE360	15_2_00007FF60CFFE360
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01E3F0	15_2_00007FF60D01E3F0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02C410	15_2_00007FF60D02C410
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01FE50	15_2_00007FF60D01FE50
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFFDE60	15_2_00007FF60CFFDE60
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D009EB0	15_2_00007FF60D009EB0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D015EC0	15_2_00007FF60D015EC0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D00DD70	15_2_00007FF60D00DD70
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02BD90	15_2_00007FF60D02BD90
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D05FE20	15_2_00007FF60D05FE20
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D0000A0	15_2_00007FF60D0000A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFC2100	15_2_00007FF60CFC2100
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D014120	15_2_00007FF60D014120
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60CFCFF60	15_2_00007FF60CFCFF60
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D01BFB0	15_2_00007FF60D01BFB0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D5D5A0	15_2_00007FFDF5D5D5A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D834A0	15_2_00007FFDF5D834A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D7B830	15_2_00007FFDF5D7B830
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D79800	15_2_00007FFDF5D79800
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D55800	15_2_00007FFDF5D55800
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D6F7F0	15_2_00007FFDF5D6F7F0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D577C0	15_2_00007FFDF5D577C0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D5D750	15_2_00007FFDF5D5D750
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D8B6E0	15_2_00007FFDF5D8B6E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D5D680	15_2_00007FFDF5D5D680
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D97210	15_2_00007FFDF5D97210
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D751D0	15_2_00007FFDF5D751D0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D77190	15_2_00007FFDF5D77190
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D910C0	15_2_00007FFDF5D910C0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D7B0B0	15_2_00007FFDF5D7B0B0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D67090	15_2_00007FFDF5D67090
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D6D400	15_2_00007FFDF5D6D400
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D533C0	15_2_00007FFDF5D533C0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D69340	15_2_00007FFDF5D69340
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D79320	15_2_00007FFDF5D79320
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D8D2E0	15_2_00007FFDF5D8D2E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D8DE10	15_2_00007FFDF5D8DE10
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D79DE0	15_2_00007FFDF5D79DE0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF5D6DD30	15_2_00007FFDF5D6DD30
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF6291780	15_2_00007FFDF6291780
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62D34F0	15_2_00007FFDF62D34F0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62A1C30	15_2_00007FFDF62A1C30
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62A5870	15_2_00007FFDF62A5870
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62967E0	15_2_00007FFDF62967E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF6296480	15_2_00007FFDF6296480
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62A42A0	15_2_00007FFDF62A42A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF6302230	15_2_00007FFDF6302230
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF629CDA0	15_2_00007FFDF629CDA0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62F6B00	15_2_00007FFDF62F6B00
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF631D6A0	15_2_00007FFDF631D6A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62D56D0	15_2_00007FFDF62D56D0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF63036F0	15_2_00007FFDF63036F0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66EFE40	15_2_00007FFDF66EFE40
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF67083E0	15_2_00007FFDF67083E0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66F00A0	15_2_00007FFDF66F00A0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66CD750	15_2_00007FFDF66CD750
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66CD745	15_2_00007FFDF66CD745
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66CD6F0	15_2_00007FFDF66CD6F0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66E57D0	15_2_00007FFDF66E57D0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66DB840	15_2_00007FFDF66DB840
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF6697820	15_2_00007FFDF6697820
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66B9810	15_2_00007FFDF66B9810
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF671F7C0	15_2_00007FFDF671F7C0
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF66B3490	15_2_00007FFDF66B3490

Source: avutil-56.dll.5.dr	Static PE information: Number of sections : 12 > 10
Source: swresample-3.dll0.5.dr	Static PE information: Number of sections : 12 > 10
Source: avdevice-58.dll.5.dr	Static PE information: Number of sections : 12 > 10
Source: avfilter-7.dll.5.dr	Static PE information: Number of sections : 12 > 10
Source: avcodec-58.dll.5.dr	Static PE information: Number of sections : 13 > 10
Source: avresample-4.dll.5.dr	Static PE information: Number of sections : 12 > 10
Source: avformat-58.dll.5.dr	Static PE information: Number of sections : 13 > 10

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avformat-58.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avcodec-58.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avfilter-7.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: swscale-5.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: processing.ndi.lib.x64.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: srt.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: crashrpt1403.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5sql.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avcodec-58.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: swresample-3.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: swscale-5.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: swresample-3.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Section loaded: wintypes.dll	Jump to behavior

Source: avformat-58.dll.5.dr

Static PE information: Section: .rodata ZLIB complexity 1.021484375

Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002A61000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: com.slnishinomiya.hyogo.jpkustanai.rucom.snpassenger-association.aerocom.sotsushima.nagasaki.jpcom.stuy.comx.seisa-geek.comcom.sv

Source: classification engine

Classification label: mal48.evad.win@16/116@0/1

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Code function: 15_2_00007FF60CFC1A40 memset,printf,??0QApplication@@QEAA@AEAHPEAPEADH@Z,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,?instance@QCoreApplication@@SAPEAV1@XZ,?setStyleSheet@QApplication@@QEAAXAEBVQString@@@Z,??1QString@@QEAA@XZ,?number@QByteArray@@SA?AV1@HH@Z,?qputenv@@YA_NPEBDAEBVQByteArray@@@Z,??1QByteArray@@QEAA@XZ,CoCreateInstance,SysAllocString,SysFreeString,srand,rand,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@_N@Z,??1QDebug@@QEAA@XZ,av_log_set_level,?show@QWidget@@QEAAXXZ,?exec@QApplication@@SAHXZ,#9,??1QApplication@@UEAA@XZ,

15_2_00007FF60CFC1A40

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

File created: C:\Program Files (x86)\SRTMiniServer

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Mutant created: \Sessions\1\BaseNamedObjects\NewTek_AirPlay_UdpPingMutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1908:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6920:120:WilError_03
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Mutant created: \Sessions\1\BaseNamedObjects\NewTek_AirPlay_UdpSendMutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6892:120:WilError_03

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

File created: C:\Users\user\AppData\Local\Temp\nsrF213.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SRTMiniServer.exe")

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	Binary or memory string: insert into process (line_num, width_frame, height_frame, input_fps, start_delay, crit_delay, decoder, decode_fps, audio_bufs, video_bufs, bitrate, auto_resets, total_pkt, loss_pkt, drops_pkt) values %1;
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS process ( id INTEGER PRIMARY KEY AUTOINCREMENT, cur_timestamp INTEGER DEFAULT(julianday(datetime('now','localtime'))), line_num INTEGER, width_frame INTEGER, height_frame INTEGER, input_fps INTEGER, start_delay INTEGER, crit_delay INTEGER, decoder bool, decode_fps INTEGER, audio_bufs INTEGER, video_bufs INTEGER, bitrate INTEGER, auto_resets INTEGER, total_pkt INTEGER, loss_pkt INTEGER, drops_pkt INTEGER );
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: select line_num, datetime(cur_timestamp) as timestamp, input_fps, decode_fps, audio_bufs, video_bufs, bitrate, auto_resets, total_pkt, loss_pkt, drops_pkt, width_frame, height_frame, start_delay, crit_delay, decoder from process WHERE timestamp >= datetime('now','-24 hour','localtime') order by line_num ASC, timestamp ASC;

Source: SRTMiniServer.exe

String found in binary or memory:

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe "C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe"
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im SRTMiniServer.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SRTMiniServer\post_install.cmd""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe "C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe"	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im SRTMiniServer.exe	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SRTMiniServer\post_install.cmd""	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe "C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

File written: C:\Program Files (x86)\SRTMiniServer\crashrpt_lang.ini

Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Automated click: Next >
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Automated click: Next >
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libcrypto-1_1-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.00000000029CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: SRTMiniServer.exe, 0000000F.00000002.3099127380.00007FFE120C5000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: msvcrt.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2089562175.0000000002705000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb8 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\Objects\MPlatform\x64\ReleasePX\MLProxy.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbSS source: SRTMiniServer.exe, 0000000F.00000002.3098379559.00007FFE0CFD9000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.SRT.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-sdiout\release\SDIOutAddon.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavcodec\avcodec-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2039719264.0000000002D8D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2102576289.0000000002701000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099769472.00007FFE1A455000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\DEV\build-confaddon\release\Conference.pdbPP) source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2i-x64\out32dll\ssleay32.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2093942975.0000000002701000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3098539160.00007FFE0E161000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavformat\avformat-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.0000000002A09000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.GPU.x64.pdb? source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2085733686.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_43.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2104648764.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\Development\winsparkle\x64\Release\WinSparkle.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-sdiout\release\SDIOutAddon.pdb99) source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2101285682.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavutil\avutil-56.pdbl source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavfilter\avfilter-7.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2062619979.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2088538506.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\build-confaddon\release\Conference.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libssl-1_1-x64.pdb?? source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_43.pdbH source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2104648764.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2101285682.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbF source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002BB1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashRpt1403.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1966774367.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099567751.00007FFE1323A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: msvcp140.amd64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2087340958.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameData.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb!! source: SRTMiniServer.exe, 0000000F.00000002.3099127380.00007FFE120C5000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002BB1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: SRTMiniServer.exe, 0000000F.00000002.3097531375.00007FFDFF173000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb11 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *.pdb source: SRTMiniServer.exe, 0000000F.00000002.3086834020.00000246CEBF4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.Core.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: yC:\DEV\GA_SRTMINISERVER\build-srtminiserver\bin\SRTMiniServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashRpt1403.pdb$$ source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1966774367.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3099567751.00007FFE1323A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavdevice\avdevice-58.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2053590759.000000000278F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Code\TriCaster\NDI 4\Bin64\Release\Processing.NDI.Lib.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2004179942.000000000270C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1d\libssl-1_1-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: SRTMiniServer.exe, 0000000F.00000002.3098936268.00007FFE11EA4000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb++ source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3098539160.00007FFE0E161000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.FFM.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002B8D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502 source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.000000000294E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.amd64.pdbGCTL source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2087340958.00000000050FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502OpenSSL 1.1.1d 10 Sep 2019built on: Wed Sep 11 13:24:44 2019 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.000000000294E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbCC source: SRTMiniServer.exe, 0000000F.00000002.3097531375.00007FFDFF173000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\DEV\GA_SRTMINISERVER\build-srtminiserver\bin\SRTMiniServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\CFILES\Projects\WinSSL\openssl-3.1.2-temp_64\libcrypto-3-x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002C25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.SRT.x64.pdb] source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\Objects\MPlatform\x64\ReleasePX\MServer.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libswresample\swresample-3.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2095719882.0000000002789000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3088799008.00007FFDF6652000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libswscale\swscale-5.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2099488639.0000000002815000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\FFMPEG_ORIG\libavutil\avutil-56.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Device.AJA.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2076756563.0000000002702000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502OpenSSL 3.1.2 1 Aug 20233.1.2built on: Wed Aug 2 14:43:24 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0502;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdupcrypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sepcrypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramossl_param_build_set_bn_padcrypto\param_build_set.ccopy_integercrypto\params.cunsigned_from_signedgeneral_get_intgeneral_set_intgeneral_get_uintgeneral_set_uintOSSL_PARAM_get_int32OSSL_PARAM_set_int32OSSL_PARA
Source:	Binary string: E:\Work\cvsroot\MPlatform\trunk\MFormats\MFormats\x64\ReleasePX\Medialooks.Codecs.GPU.x64.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002702000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3090610938.00007FFDF774D000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: C:\Users\Developer\Desktop\rtp\bin\x64\CrashSender1403.pdb source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: SRTMiniServer.exe, 0000000F.00000002.3098379559.00007FFE0CFD9000.00000002.00000001.01000000.00000026.sdmp

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Code function: 15_2_00007FFDF62D56D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,DefWindowProcW,RegisterClassW,CreateWindowExW,GetDC,ChoosePixelFormat,SetPixelFormat,GetProcAddress,??0QByteArray@@QEAA@PEBDH@Z,?indexOf@QByteArray@@QEBAHDH@Z,?indexOf@QByteArray@@QEBAHDH@Z,?mid@QByteArray@@QEBA?AV1@HH@Z,?toInt@QByteArray@@QEBAHPEA_NH@Z,??1QByteArray@@QEAA@XZ,?mid@QByteArray@@QEBA?AV1@HH@Z,?toInt@QByteArray@@QEBAHPEA_NH@Z,??1QByteArray@@QEAA@XZ,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,??1QByteArray@@QEAA@XZ,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,ReleaseDC,DestroyWindow,GetModuleHandleW,UnregisterClassW,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBAXPEBDZZ,

15_2_00007FFDF62D56D0

Source: Qt5Core.dll.5.dr	Static PE information: real checksum: 0x5ee5c3 should be: 0x5e576d
Source: WinSparkle.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x1ce621
Source: avdevice-58.dll0.5.dr	Static PE information: real checksum: 0x0 should be: 0xc8541
Source: avfilter.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x50ec18
Source: swresample.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0xab5e2
Source: avfilter-7.dll0.5.dr	Static PE information: real checksum: 0x0 should be: 0x50ec18
Source: avformat.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x37f3fa
Source: nsDialogs.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x10157
Source: avutil-56.dll0.5.dr	Static PE information: real checksum: 0x0 should be: 0x17df01
Source: srt.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x26dee1
Source: avdevice.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0xc8541
Source: swresample-3.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0xab5e2
Source: CrashRpt1403.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x2514e
Source: System.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0xd8f8
Source: StartMenu.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x9ebb
Source: swscale.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x143af0
Source: avutil.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x17df01
Source: libcrypto-3-x64.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x5d2e33
Source: swscale-5.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x143af0
Source: libssl-1_1-x64.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0xaf896
Source: libcrypto-1_1-x64.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x33e8ec
Source: avformat-58.dll0.5.dr	Static PE information: real checksum: 0x0 should be: 0x37f3fa

Source: Processing.NDI.Lib.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: avcodec-58.dll.5.dr	Static PE information: section name: .rodata
Source: avcodec-58.dll.5.dr	Static PE information: section name: .xdata
Source: qgenericbearer.dll.5.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.5.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.5.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.5.dr	Static PE information: section name: .qtmetad
Source: qico.dll.5.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.5.dr	Static PE information: section name: .qtmetad
Source: avdevice-58.dll.5.dr	Static PE information: section name: .xdata
Source: qsvg.dll.5.dr	Static PE information: section name: .qtmetad
Source: avfilter-7.dll.5.dr	Static PE information: section name: .xdata
Source: qtga.dll.5.dr	Static PE information: section name: .qtmetad
Source: avformat-58.dll.5.dr	Static PE information: section name: .rodata
Source: avformat-58.dll.5.dr	Static PE information: section name: .xdata
Source: qtiff.dll.5.dr	Static PE information: section name: .qtmetad
Source: avresample-4.dll.5.dr	Static PE information: section name: .xdata
Source: avutil-56.dll.5.dr	Static PE information: section name: .xdata
Source: ipp90legacy.dll.5.dr	Static PE information: section name: IPPCODE
Source: ipp90legacy.dll.5.dr	Static PE information: section name: IPPDATA
Source: libmfxsw64.dll.5.dr	Static PE information: section name: IPPCODE
Source: libmfxsw64.dll.5.dr	Static PE information: section name: IPPDATA
Source: qwbmp.dll.5.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.5.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.5.dr	Static PE information: section name: _RDATA
Source: qwindows.dll.5.dr	Static PE information: section name: .qtmetad
Source: qsqlite.dll.5.dr	Static PE information: section name: .qtmetad
Source: avcodec-58.dll0.5.dr	Static PE information: section name: _RDATA
Source: avcodec-58.dll0.5.dr	Static PE information: section name: .00cfg
Source: avcodec.dll.5.dr	Static PE information: section name: _RDATA
Source: avcodec.dll.5.dr	Static PE information: section name: .00cfg
Source: avdevice-58.dll0.5.dr	Static PE information: section name: .00cfg
Source: avdevice.dll.5.dr	Static PE information: section name: .00cfg
Source: avfilter-7.dll0.5.dr	Static PE information: section name: _RDATA
Source: avfilter-7.dll0.5.dr	Static PE information: section name: .00cfg
Source: avfilter.dll.5.dr	Static PE information: section name: _RDATA
Source: avfilter.dll.5.dr	Static PE information: section name: .00cfg
Source: avformat-58.dll0.5.dr	Static PE information: section name: .00cfg
Source: avformat.dll.5.dr	Static PE information: section name: .00cfg
Source: avutil-56.dll0.5.dr	Static PE information: section name: _RDATA
Source: avutil-56.dll0.5.dr	Static PE information: section name: .00cfg
Source: avutil.dll.5.dr	Static PE information: section name: _RDATA
Source: avutil.dll.5.dr	Static PE information: section name: .00cfg
Source: libcrypto-1_1-x64.dll.5.dr	Static PE information: section name: .00cfg
Source: libcrypto-3-x64.dll.5.dr	Static PE information: section name: .00cfg
Source: libssl-1_1-x64.dll.5.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.5.dr	Static PE information: section name: .didat
Source: swresample-3.dll.5.dr	Static PE information: section name: .00cfg
Source: swresample.dll.5.dr	Static PE information: section name: .00cfg
Source: swscale-5.dll.5.dr	Static PE information: section name: _RDATA
Source: swscale-5.dll.5.dr	Static PE information: section name: .00cfg
Source: swscale.dll.5.dr	Static PE information: section name: _RDATA
Source: swscale.dll.5.dr	Static PE information: section name: .00cfg
Source: MLProxy.dll.5.dr	Static PE information: section name: .orpc
Source: MLProxy.dll.5.dr	Static PE information: section name: _RDATA
Source: MServer.exe.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Codecs.Core.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Codecs.Core.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Codecs.Core.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Codecs.FFM.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Codecs.FFM.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Codecs.FFM.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Codecs.GPU.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Codecs.GPU.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Codecs.SRT.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Codecs.SRT.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Codecs.SRT.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Device.AJA.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Device.AJA.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Device.AJA.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Device.BMD.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Device.BMD.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Device.BMD.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Device.DS.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Device.DS.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Device.DS.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Device.NDI.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Device.NDI.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Device.NDI.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: Medialooks.Device.SCR.x64.dll.5.dr	Static PE information: section name: IPPCODE
Source: Medialooks.Device.SCR.x64.dll.5.dr	Static PE information: section name: IPPDATA
Source: Medialooks.Device.SCR.x64.dll.5.dr	Static PE information: section name: _RDATA
Source: swresample-3.dll0.5.dr	Static PE information: section name: .xdata

Source: srt.dll.5.dr

Static PE information: section name: .text entropy: 6.839813709825436

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Sql.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avcodec-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avresample-4.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Conference.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avformat.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.SRT.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avutil-56.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Runtime.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\SDIOutAddon.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.NDI.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.BMD.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\sqldrivers\qsqlite.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\swscale-5.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.Core.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avfilter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.FFM.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Processing.NDI.Lib.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avdevice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.DS.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\preview.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\MLProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\D3DCompiler_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Processing.NDI.Lib.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avfilter-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\msvcrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\CrashSender1403.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avcodec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avfilter-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\swscale-5.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.SCR.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\swscale.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\msvcrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\dbghelp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avcodec-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\swresample-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\ipp90legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.GPU.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avutil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\swresample-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\libmfxsw64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\srt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFormats.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Plugin.Delay.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\glew32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFReader.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\WinSparkle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.AJA.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\avutil-56.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFWriter.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Program Files (x86)\SRTMiniServer\swresample.dll	Jump to dropped file

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRTMiniServer	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRTMiniServer\SRTMiniServer.lnk	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRTMiniServer\Uninstall.lnk	Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\avresample-4.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\Conference.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avformat.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.SRT.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Runtime.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\SDIOutAddon.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.NDI.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.BMD.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\sqldrivers\qsqlite.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.Core.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avfilter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.FFM.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avdevice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.DS.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\preview.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\MLProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\D3DCompiler_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\ssleay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\CrashSender1403.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avcodec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.SCR.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\swscale.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\ipp90legacy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.GPU.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avutil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\libmfxsw64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFormats.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Plugin.Delay.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\glew32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFReader.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\WinSparkle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.AJA.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFWriter.x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SRTMiniServer\swresample.dll	Jump to dropped file

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

API coverage: 9.1 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Code function: 15_2_00007FFDF629E400 GetKeyboardLayoutList followed by cmp: cmp eax, 31h and CTI: je 00007FFDF629E65Ch

15_2_00007FFDF629E400

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: wget.exe, 00000002.00000002.1837350149.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3083716781.00000246C81CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@
Source: SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2039719264.0000000002A8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

15_2_00007FFDF62D56D0

Source: C:\Windows\SysWOW64\taskkill.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Code function: 15_2_00007FF60D076860 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

15_2_00007FF60D076860

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SRTMiniServer\post_install.cmd""			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private			Jump to behavior

Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im SRTMiniServer.exe

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloadsnew.garaninapps.com/srtminiserver_2.4.3_2024-02-26_install.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloadsnew.garaninapps.com/srtminiserver_2.4.3_2024-02-26_install.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloadsnew.garaninapps.com/srtminiserver_2.4.3_2024-02-26_install.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\platforms\qwindows.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\WEB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\WEB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\iconengines\qsvgicon.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qgif.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qicns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qico.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qjpeg.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qsvg.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qtga.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qtiff.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qwbmp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\imageformats\qwebp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Program Files (x86)\SRTMiniServer\bearer\qgenericbearer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\SysWOW64\cmd.exe

Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D016E60 ??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,WSAStartup,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,socket,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,inet_addr,bind,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,inet_addr,htons,	15_2_00007FF60D016E60
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FF60D02C770 ?setTerminationEnabled@QThread@@KAX_N@Z,srt_create_socket,htons,inet_pton,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,srt_getlasterror_str,__acrt_iob_func,fprintf,srt_setsockopt,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,srt_getlasterror_str,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ,?data@QByteArray@@QEAAPEADXZ,srt_setsockopt,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,srt_getlasterror_str,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,??1QByteArray@@QEAA@XZ,srt_listen_callback,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,srt_getlasterror_str,__acrt_iob_func,fprintf,srt_listen,srt_getlasterror_str,__acrt_iob_func,fprintf,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,srt_setsockopt,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,?shared_null@QListData@@2UData@1@B,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,srt_accept,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??1QDebug@@QEAA@XZ,srt_getpeername,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,??0QString@@QEAA@$$QEAV0@@Z,??1QString@@QEAA@XZ,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,?parent@QObject@@QEBAPEAV1@XZ,srt_getsockflag,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,??0QMessageLogger@@QEAA@PEBDH0@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??6QDebug@@QEAAAEAV0@H@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@H@Z,??1QDebug@@QEAA@XZ,?fromAscii_he	15_2_00007FF60D02C770
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF62E1200 ??1QString@@QEAA@XZ,AddClipboardFormatListener,?qErrnoWarning@@YAXPEBDZZ,SetClipboardViewer,?isDebugEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?debug@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBX@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@_N@Z,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@PEBX@Z,??1QDebug@@QEAA@XZ,	15_2_00007FFDF62E1200
Source: C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	Code function: 15_2_00007FFDF6721710 htons,htonl,??1QString@@QEAA@XZ,htons,setsockopt,bind,WSAGetLastError,htons,htonl,bind,WSAGetLastError,	15_2_00007FFDF6721710

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	11 Process Injection	2 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	21 Disable or Modify Tools	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	24 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\SRTMiniServer\Conference.exe	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\CrashSender1403.exe	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\D3DCompiler_43.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\MLProxy.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.Core.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.FFM.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.GPU.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.SRT.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.AJA.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.BMD.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.DS.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.NDI.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.SCR.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFReader.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFWriter.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFormats.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Plugin.Delay.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Runtime.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\Processing.NDI.Lib.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avcodec-58.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avdevice-58.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avfilter-7.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avformat-58.dll	2%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avresample-4.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\avutil-56.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\d3dcompiler_47.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\glew32.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\ipp90legacy.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\libmfxsw64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\msvcp120.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\msvcr120.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\msvcrt.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\swresample-3.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\DLLs\swscale-5.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Processing.NDI.Lib.x64.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Core.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Gui.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Network.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Sql.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Svg.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\Qt5Widgets.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\SDIOutAddon.exe	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\WinSparkle.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avcodec-58.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avcodec.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avdevice-58.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avdevice.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avfilter-7.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avfilter.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avformat-58.dll	2%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avformat.dll	2%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avutil-56.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\avutil.dll	0%	ReversingLabs
C:\Program Files (x86)\SRTMiniServer\bearer\qgenericbearer.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.medialooks.com)D	0%	Avira URL Cloud	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://www.medialooks.com)	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://dashif.org/guidelines/trickmode	0%	URL Reputation	safe
http://downloads.garaninapps.com/srtminiserver_win.jsonQMenuBar	0%	Avira URL Cloud	safe
https://www.medialooks.com)B	0%	Avira URL Cloud	safe
https://winsparkle.org).	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString	0%	Avira URL Cloud	safe
http://garaninapps.com/rtmpminiserver/help/testndi	0%	Avira URL Cloud	safe
http://core1.garaninapps.com/api/dns/reg2SHOW_DYNDNSERROR	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink	0%	Avira URL Cloud	safe
http://www.phreedom.org/md5)08:27	0%	Avira URL Cloud	safe
http://video1.sdpv=0video2.sdptxvideo3.sdp1video4.sdpVIDaudio1.sdp2audio2.sdpVIDaudio3.sdp/audio4.sd	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/stream_to_studio.html	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#os	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#installerArguments	0%	Avira URL Cloud	safe
https://srtminiserver.com/remoteslides/	0%	Avira URL Cloud	safe
http://core1.garaninapps.com/api/srtproxy/list	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/larix_broadcaster_setup.html	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/tv_guest.htmlStream	0%	Avira URL Cloud	safe
https://srtminiserver.com/trial-info/an	0%	Avira URL Cloud	safe
https://api.garaninapps.com/api/srt/get_numberapplication/x-www-form-urlencodedLinkGenerator/URLLink	0%	Avira URL Cloud	safe
https://srtminiserver.com/store.html	0%	Avira URL Cloud	safe
http://core1.garaninapps.com/api/dns/reg2	0%	Avira URL Cloud	safe
http://www.smpte-ra.org/schemas/434/2006/multiplex/S377M/2004	0%	Avira URL Cloud	safe
https://srtminiserver.com/trial-info/	0%	Avira URL Cloud	safe
http://www.smpte-ra.org/schemas/434/2006/properties/S335M	0%	Avira URL Cloud	safe
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeCP	0%	Avira URL Cloud	safe
http://new.tk/ndisdk_license/	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/syncbroadcaster_setup.html	0%	Avira URL Cloud	safe
https://svg-path-visualizer.netlify.app/	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/larix_broadcaster_setup.htmlSyncBroadcaster	0%	Avira URL Cloud	safe
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeOCESSORZP	0%	Avira URL Cloud	safe
https://garaninapps.com/sdioutaddonPlease	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#version	0%	Avira URL Cloud	safe
https://api.garaninapps.com/api/srt/get_number	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/stream_to_studio.htmlLarixBroadcaster	0%	Avira URL Cloud	safe
http://www.phreedom.org/md5)	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/proxy_addon.html	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/custom_proxy_server.html	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/settings_window.html	0%	Avira URL Cloud	safe
http://downloads.garaninapps.com/srtminiserver_win.json	0%	Avira URL Cloud	safe
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeYP	0%	Avira URL Cloud	safe
http://www.smpte-ra.org/schemas/434/2006/groups/S380M/2004	0%	Avira URL Cloud	safe
http://www.color.org)	0%	Avira URL Cloud	safe
http://www.smpte-ra.org/schemas/434/2006/types/S377M/2004	0%	Avira URL Cloud	safe
http://keys3.garaninapps.comhttps://srtminiserver.com/trial-info/https://srtminiserver.com/store.htm	0%	Avira URL Cloud	safe
https://srtminiserver.com/helpStart1onStartTriggered()2clicked():PREVIEWPreview1onPreviewTriggered()	0%	Avira URL Cloud	safe
http://keys3.garaninapps.com/134	0%	Avira URL Cloud	safe
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeVP	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.a	0%	Avira URL Cloud	safe
https://garaninapps.com/sdioutaddon	0%	Avira URL Cloud	safe
http://keys3.garaninapps.com	0%	Avira URL Cloud	safe
http://www.smpte-ra.org/schemas/434/2006/groups/S377M/2004	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/tv_guest.html	0%	Avira URL Cloud	safe
https://srtminiserver.com/help	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/dynamic_dns.htmlselectedProxyServerautoconnect_proxytab_indexSTART_LI	0%	Avira URL Cloud	safe
http://https://%02d:%02d:%02d%ws%02d.%d%02d:%02d:%02d%ws%02d%s..%s(%ws)F%05XGUID_NULLcbuffer	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/internet_connection_setup.html	0%	Avira URL Cloud	safe
http://www.andymatuschak.org/xml-namespaces/sparkle#minimumSystemVersion	0%	Avira URL Cloud	safe
https://srtminiserver.com/help/dynamic_dns.html	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.medialooks.com)D	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://downloads.garaninapps.com/srtminiserver_win.jsonQMenuBar	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.medialooks.com)	SRTMiniServer.exe	false	Avira URL Cloud: safe	low
http://core1.garaninapps.com/api/dns/reg2SHOW_DYNDNSERROR	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.medialooks.com/extend_trialopenhttp://www.medialooks.com/cancel_trial_pDevChild	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.phreedom.org/md5)08:27	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.medialooks.com)B	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://garaninapps.com/rtmpminiserver/help/testndi	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/V	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2093942975.0000000002701000.00000004.00000020.00020000.00000000.sdmp	false		high
https://winsparkle.org).	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.gimp.org/xmp/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://video1.sdpv=0video2.sdptxvideo3.sdp1video4.sdpVIDaudio1.sdp2audio2.sdpVIDaudio3.sdp/audio4.sd	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.000000000270C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://srtminiserver.com/help/stream_to_studio.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://www.andymatuschak.org/xml-namespaces/sparkle#os	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.andymatuschak.org/xml-namespaces/sparkle#installerArguments	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://code.google.com/p/crashrpt/wiki/FAQ	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp	false		high
http://core1.garaninapps.com/api/srtproxy/list	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://bugreports.qt.io/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false		high
https://srtminiserver.com/remoteslides/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/trial-info/an	SRTMiniServer.exe, 0000000F.00000002.3086551070.00000246CEAF0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/larix_broadcaster_setup.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/tv_guest.htmlStream	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.garaninapps.com/api/srt/get_numberapplication/x-www-form-urlencodedLinkGenerator/URLLink	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/store.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, SRTMiniServer.exe, 0000000F.00000002.3086551070.00000246CEAF0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://streams.videolan.org/upload/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2072268697.000000000281B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://core1.garaninapps.com/api/dns/reg2	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://www.smpte-ra.org/schemas/434/2006/multiplex/S377M/2004	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/trial-info/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, SRTMiniServer.exe, 0000000F.00000002.3087743351.00000246CF05E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0D	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeCP	wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.smpte-ra.org/schemas/434/2006/properties/S335M	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://new.tk/ndisdk_license/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2004179942.000000000270C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/syncbroadcaster_setup.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/larix_broadcaster_setup.htmlSyncBroadcaster	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://svg-path-visualizer.netlify.app/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2100683220.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeOCESSORZP	wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://garaninapps.com/sdioutaddonPlease	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.andymatuschak.org/xml-namespaces/sparkle#version	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.garaninapps.com/api/srt/get_number	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/stream_to_studio.htmlLarixBroadcaster	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developers.google.com/chart/interactive/docs/reference#events	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2100683220.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.phreedom.org/md5)	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/proxy_addon.html	SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/custom_proxy_server.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://ns.useplus.org/ldf/xmp/1.0/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://srtminiserver.com/help/settings_window.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://www.openssl.org/docs/faq.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.aiim.org/pdfa/ns/id/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3089926205.00007FFDF715F000.00000002.00000001.01000000.00000014.sdmp	false		high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.thawte.com0	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://downloads.garaninapps.com/srtminiserver_win.json	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeYP	wget.exe, 00000002.00000002.1837268025.0000000000B75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.smpte-ra.org/schemas/434/2006/types/S377M/2004	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.000000000297F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.smpte-ra.org/schemas/434/2006/groups/S380M/2004	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe	wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://nsis.sf.net/NSIS_ErrorError	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000000.1859842351.0000000000409000.00000008.00000001.01000000.00000004.sdmp	false		high
https://srtminiserver.com/helpStart1onStartTriggered()2clicked():PREVIEWPreview1onPreviewTriggered()	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.color.org)	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe, 0000000F.00000002.3089926205.00007FFDF715F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	low
http://keys3.garaninapps.comhttps://srtminiserver.com/trial-info/https://srtminiserver.com/store.htm	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://keys3.garaninapps.com/134	SRTMiniServer.exe, 0000000F.00000002.3087743351.00000246CF05E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exeVP	wget.exe, 00000002.00000002.1837268025.0000000000B75000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1837268025.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.a	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000000.1859842351.0000000000409000.00000008.00000001.01000000.00000004.sdmp	false		high
https://www.thawte.com/cps0/	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://keys3.garaninapps.com	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://www.medialooks.com/contacts/label_namecategory_namepurchase_msgcancelG	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	wget.exe, 00000002.00000003.1812369594.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1812369594.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2133607089.0000000002A90000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2090431197.0000000002708000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002811000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2125942295.000000000270E000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2024132479.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1965575570.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2106395467.000000000270B000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2111448679.0000000002707000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2105630700.0000000002709000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://garaninapps.com/sdioutaddon	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://www.thawte.com/repository0W	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2010370107.0000000002CBB000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2023152263.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2014895414.0000000002CEA000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2018647689.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2016813506.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2017647324.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://srtminiserver.com/help/tv_guest.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://www.openssl.org/H	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2079638186.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2083486089.0000000002CC7000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2084811984.0000000002772000.00000004.00000020.00020000.00000000.sdmp	false		high
http://dashif.org/guidelines/trickmode	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2069234131.000000000297F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.smpte-ra.org/schemas/434/2006/groups/S377M/2004	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2120328314.000000000270D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
http://www.winimage.com/zLibDll	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.1971396155.0000000002703000.00000004.00000020.00020000.00000000.sdmp	false		high
https://srtminiserver.com/help/dynamic_dns.htmlselectedProxyServerautoconnect_proxytab_indexSTART_LI	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://https://%02d:%02d:%02d%ws%02d.%d%02d:%02d:%02d%ws%02d%s..%s(%ws)F%05XGUID_NULLcbuffer	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2122731031.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.andymatuschak.org/xml-namespaces/sparkle#minimumSystemVersion	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2029047588.000000000270B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/internet_connection_setup.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown
https://srtminiserver.com/help/dynamic_dns.html	SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe, 00000005.00000003.2026527391.0000000002704000.00000004.00000020.00020000.00000000.sdmp, SRTMiniServer.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
209.50.49.25	unknown	United States		25697	UPCLOUDUSAUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1420288
Start date and time:	2024-04-04 17:25:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.evad.win@16/116@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

Simulations

Behavior and APIs

Time	Type	Description
17:27:14	API Interceptor	6x Sleep call for process: SRTMiniServer.exe modified

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	290432
Entropy (8bit):	6.67247427858707
Encrypted:	false
SSDEEP:	6144:y7+a9NFU8wuNC43sIajsKd6EYsF8ylLRJq8dXpREDzLX6bJVedq0BzEvA5GwjuzG:da9NK2bajsKd6EYsF8ylLRJq8dXpRou6
MD5:	821F1AA194A78D454B3B6221F9C1F9D3
SHA1:	50D08CE417E58DD80BD553B6A12491FACE8B63FE
SHA-256:	9C5FFF537463564AA27B1E24020B63B13B4A4196B08ADC2E7D905BC428D37D5C
SHA-512:	E0FF4342E23804879A138EF185469DFBE48E1AD7DC3A67FAC7500CBEF2C2F14307211DA46693B64FF05C686A4697F720E295BBB596298913545A682AD4445198
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~.................w......w......w......w......i......i....................`.........c..........8......8......Rich............PE..d...!{)c.........."......X..........<E.........@.............................p.......*....`.................................................`v...............P..$....F...(...`...... #..T....................$..(....#...............p..@............................text....V.......X.................. ..`.rdata..B....p.......\..............@..@.data........0......................@....pdata..$....P.......(..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Conference.exe.manifest

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30761
Entropy (8bit):	5.519495101310609
Encrypted:	false
SSDEEP:	384:OXgPzDHtlM8M2/MD3yXfTBEt87etgXaW8ssvE1cGB0kPE1jyydPTYH0cSaSuiHNC:ZtMr6yb/6pM1jyyxYJSuitC
MD5:	C4150E31D589604C6ABD0F1359637007
SHA1:	182380BA6AFD2D39FE4504BE4A1F7834820FD06B
SHA-256:	EC985BF8231448EB9272112BC25929A1C4A0E1041D6B6C200732F5F20E246FC5
SHA-512:	164C7A5BA53BB01DD2C8209D372C34B5A853B72E5D5B8952F3825EB4C8C3F24F0D16849C4DEDA81851846AEF35C9ECE3E4947F55AA1FCAA1ED1BD580C9AB254A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">.. <file name="DLLs\Medialooks.Codecs.Core.x64.dll">.. <comClass clsid="{96EB1C14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitter Class" threadingModel="free"/>.. <comClass clsid="{96EB1C64-4CC0-4830-9CC3-F064196B2626}" description="MFDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1C74-4CC0-4830-9CC3-F064196B2626}" description="MFMuxer Class" threadingModel="free"/>.. <comClass clsid="{96EB1C94-4CC0-4830-9CC3-F064196B2626}" description="MFEncoder Class" threadingModel="free"/>.. </file>.. <file name="DLLs\Medialooks.Codecs.FFM.x64.dll">.. <comClass clsid="{9285699B-E779-4B2E-92CA-26DDEE01AA2A}" description="MFCaptionsDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1F14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitterFFM Class" threadin

C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	138240
Entropy (8bit):	5.615855915083794
Encrypted:	false
SSDEEP:	3072:3SBBmBH2vHO7GNtUdUOiNvTrr4lK1MaPaX:CBBmwPNolK1t
MD5:	E7F78CA310050942951A226F558D9B8C
SHA1:	728867AF983911B2A7864F3AC6B8BA325DC82AF3
SHA-256:	2DEBEF10B5FC4AD348136132672A7C4AA27BACF57B662B0C6B390FD20758714A
SHA-512:	F57542ADD262DBB6A654DD7C14C9EE1D59562D50AEF87362F57D06F38A61F54703B748581BB4A52ACA00C096E8C003A611B955FD2D4B6AC16C8CD2A922474A49
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................R............................................C..................>.......V............Rich............PE..d....}.a.........." ................p........................................`............`.........................................`...t.......\|....@...........#...........P..x.......T...........................p...8...............0............................text............................... ..`.rdata...W.......X..................@..@.data...p...........................@....pdata...#.......$..................@..@.rsrc........@......................@..@.reloc..x....P......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	6034
Entropy (8bit):	4.896233453488442
Encrypted:	false
SSDEEP:	96:GFoabriAa5w0FNl3LKLXLKjLKQXVwfI0dXL:go+iAdWkUVL0dXL
MD5:	1418EC77BED9C051146DCAA8049EE149
SHA1:	4C5D1C22E65E09FBBBCBECB4FAFFEE9393AB16DC
SHA-256:	C5B1AEAFE74073B4283AF663EC1B06DFB57FD07CBC28D36FBC5392BD825308DD
SHA-512:	19475CFA37A956C4CC79A4DB50CD031C5182E8401CF986A53E31B0CE49002E22452DD476F2A96C0954A710C239C5C3B82B82A88AABD53ABAC475BE0012012730
Malicious:	false
Reputation:	low
Preview:	!<arch>./ -1 0 1090 `....-...\...........N...N...f...f...................................:...:..........................................."..."...........~...~...d...d...........D...D...........0...0........__IMPORT_DESCRIPTOR_CrashRpt1403.__NULL_IMPORT_DESCRIPTOR..CrashRpt1403_NULL_THUNK_DATA.__imp_crInstallW.crInstallW.__imp_crInstallA.crInstallA.__imp_crUninstall.crUninstall.__imp_crInstallToCurrentThread2.crInstallToCurrentThread2.__imp_crUninstallFromCurrentThread.crUninstallFromCurrentThread.__imp_crAddFile2W.crAddFile2W.__imp_crAddFile2A.crAddFile2A.__imp_crAddScreenshot.crAddScreenshot.__imp_crAddPropertyW.crAddPropertyW.__imp_crAddPropertyA.crAddPropertyA.__imp_crGenerateErrorReport.crGenerateErrorReport.__imp_crExceptionFilter.crExceptionFilter.__imp_crEmulateCrash.crEmulateCrash.__imp_crGetLastErrorMsgW.crGetLastErrorMsgW.__imp_crGetLastErrorMsgA.crGetLastErrorMsgA.__imp_crAddRegKeyW.crAddRegKeyW.__imp_crAddRegKeyA.crAddRegKeyA.__

C:\Program Files (x86)\SRTMiniServer\CrashSender1403.exe

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1128576
Entropy (8bit):	6.467454234098882
Encrypted:	false
SSDEEP:	24576:nvaVYZzumcdTPfE/sfejV9A/g4n/9f4IjT9Y0UF:nvaSPcdTP8/sfK9Gg0/9f42Tg
MD5:	2A7E1CE296153DEF6C9559F38E002C6C
SHA1:	DD0B50770594217DFF3B25219C34135A022C576E
SHA-256:	3DA0CE43355E4599B6FD8D755BF5658267FBB1E36B60AD8C3D67C6EBF37E7443
SHA-512:	919D070DCC835B988E7C2984DC094268676C18F4DF3C75D84C6A63E8751C9F9FCC7FAE821294FBA7BB50B19DB4A7FFE30C53E51A333687C3D0D8641267914F87
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Feo_Feo_Feo_O.._Peo_ .._Geo_..k^Leo_..l^Beo_..n^@eo_..j^beo_R.k^Geo_R.n^Yeo_Fen_.do_..g^&eo_..j^Reo_..._Geo_Fe._Geo_..m^Geo_RichFeo_................PE..d....%.a.........."......\..........H..........@.............................@.......\|....`.....................................................X.......0....0..tm.......(...0......`...T...............................8............p..0............................text...@[.......\.................. ..`.rdata.......p.......`..............@..@.data...(...........................@....pdata..tm...0...n..................@..@.rsrc...0............x..............@..@.reloc.......0......................@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\D3DCompiler_43.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2526056
Entropy (8bit):	6.326395907728081
Encrypted:	false
SSDEEP:	49152:zf59zPxKcvHzDB6t3+C0/aJfyLg7Ie4Xy+5j4m2CTB:M2642o7lftd
MD5:	ADA0C39D4EACDC81FD84163A95D62079
SHA1:	207321F1B449985B2D06ED50B989FA6259E4EB8E
SHA-256:	44C3A7E330B54A35A9EFA015831392593AA02E7DA1460BE429D17C3644850E8A
SHA-512:	1AFC63DB5D2030B76ABC19094FC9FEF28CC6250BD265294647E65DB81F13749C867722924460F7A6021C739F4057F95501F0322CDEC28A2101BF94164557A1A5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..^L..^L..^..X^N..^..m^]..^L..^..^..Z^K..^..l^w..^..]^M..^..i^>..^kz.^M..^..\^M..^..[^M..^RichL..^........................PE..d......K.........." ......$.........\.#.......................................&.......&...@...........................................%.......$.P.....&.......%......t&.h.....&..0...................................................................................text.....$.......$................. ..`.data...X.....%..V....$.............@....pdata........%......T%.............@..@.rsrc.........&......(&.............@..@.reloc..0G....&..H...,&.............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\MLProxy.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	546136
Entropy (8bit):	6.422852728483225
Encrypted:	false
SSDEEP:	6144:OPrw4l4zkHK5NnXD9lJ/dhm2JBnDvkjk0x5orErO5DUVlV6A8fLXeZN:9Lh5NnXD9lJ/dhm2JBnDFIrEqMHiZN
MD5:	AB8359DED125108AE09DACE8BF9C7DF8
SHA1:	3E730FB798F3224308CBDA122B41E3A09AE9ADDA
SHA-256:	40901BC4F2C07B18C4BDF5B308A4845A1C4D7B1FC65FEB796BF4EA08A8DBD4DB
SHA-512:	29F2D54B54B1F28545EBAA95144A6583EA6A75231FAE95BD88067CCE1B0C76D5E94C67EADBD581B9AE93F0FF8AF54FFFC9F04BF50C85409121DB0DBAF9EBCAFA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........d.r.7.r.7.r.7...6.r.7...6.r.7...6gr.7...6.r.7...6.r.7..;7.r.7...6.r.7..?7.r.7../7.r.7.r.7~r.77..6.r.77..6.r.77..6.r.77.C7.r.7.r+7.r.77..6.r.7Rich.r.7................PE..d...Z.Mb.........." .........N.......$....................................................`......................................... ...............p..h.......DU...2..X#......@...8,..T............................,..8...............(............................text...\........................... ..`.orpc............................... ..`.rdata.............................@..@.data....1..........................@....pdata..DU.......V..................@..@_RDATA.......`......................@..@.rsrc...h....p......................@..@.reloc..@............&..............@..B........................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	227672
Entropy (8bit):	6.049473469907997
Encrypted:	false
SSDEEP:	3072:FY12aXKCdRRguv1tRgde74B6LPBx6UpvOppenimUeTNppja72P:oRKK9dtR7VLOojUUNppfP
MD5:	D49B210D8D11C47B85D2C5A15172B1C4
SHA1:	9999AAE98AD5E41B20456CB9AD8CAE8948E1CB1E
SHA-256:	845803E40C06A9B147D7D148B255DB8FAF04BFD4456F11B1D266D03A9801FB23
SHA-512:	7A856D3F382EF5000EF209DBE18370A4B9B4BC44628220DB64D0DB573869997ABA931776F3EBB10226E146E2E39C75FEFF8B9FD076C0DBE26269D65E0E1333AF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................................$......................6.....&.......)...y......y.J....."....y......Rich............PE..d...b.Mb.........."............................@....................................S.....`.................................................(c..x.......X............V..X#..........pC..p....................E..(....C..8............................................text.............................. ..`.rdata..............................@..@.data........p.......^..............@....pdata...............j..............@..@_RDATA..............................@..@.rsrc...X...........................@..@.reloc...............N..............@..B................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe.manifest

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30610
Entropy (8bit):	5.5077760140436824
Encrypted:	false
SSDEEP:	384:OyZ8MvOkHZeUXbcZud1jyyAYH0cSaSuiHN5w:fuMGgZeUrCw1jyyAYJSuitC
MD5:	E0BD3550BF8DD8001CD490FE7123339B
SHA1:	4693963B3F438164185DCE33640DA6F1BA6A426E
SHA-256:	56FAD2263B546D0334A9B40AF81CD715815A6D34752E2542B982A1CC6B855BCC
SHA-512:	B4758ADF25CF12368228CC2DFE0133772A6D32766D352C2196C999E0A645035746220A82BC641585B5DDBD3AB998F2A5AA1545E1FA7EEC6DA1D331A8B38C5AF1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">.. <file name="Medialooks.Codecs.Core.x64.dll">.. <comClass clsid="{96EB1C14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitter Class" threadingModel="free"/>.. <comClass clsid="{96EB1C64-4CC0-4830-9CC3-F064196B2626}" description="MFDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1C74-4CC0-4830-9CC3-F064196B2626}" description="MFMuxer Class" threadingModel="free"/>.. <comClass clsid="{96EB1C94-4CC0-4830-9CC3-F064196B2626}" description="MFEncoder Class" threadingModel="free"/>.. </file>.. <file name="Medialooks.Codecs.FFM.x64.dll">.. <comClass clsid="{9285699B-E779-4B2E-92CA-26DDEE01AA2A}" description="MFCaptionsDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1F14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitterFFM Class" threadingModel="fr

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.Core.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7054192
Entropy (8bit):	6.631499214368884
Encrypted:	false
SSDEEP:	49152:RkEJXQYYu1PfIUQeOU82StGhN9fn87/0/uh8VxoeYKSmrKE6b6yFYoYUvqCmi9QK:fIUQyEIv4O6zQaYFvVZVdlu073DHU
MD5:	7438DE4D788419B876E91FA782E9F011
SHA1:	D257E5E3D6621AB8AA62F9200169C58BB7229056
SHA-256:	C30470526FC0F4962A7946B4600414C2A9E617780CEF51E6DBCDE8E1437757BA
SHA-512:	0EC04757820EDF96923B134AA18297784EFBEA866BA9FA35B68D7DB85AA1C95D5F6BEDEC6DB236ED955ADC6F61203590783A78D88084DDF8D5ED231AF529E4C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$...........S..S..S..G.._..G..]..G.......Z.Q..?..\..?..Z..Z.A.R..S......?.....?..\|..Z.E.V..Z.U.@..S........W.....R....9.R..S.Q.R.....R..RichS..........PE..d...'.Mb.........." .....rY.........$5T.......................................k.....K.k...`...........................................b.......b......@f.x~....c.......k.p#....k.X...`&`.T....................(`.(....&`.8.............Y..............................text...4.V.......V................. ..`IPPCODE.......V.......V............. ..`.rdata...\|....Y..~...vY.............@..@.data...$o....c..V....b.............@....pdata........c......Jc.............@..@IPPDATA......`e.......e.............@..._RDATA.......0f.......e.............@..@.rsrc...x~...@f.......e.............@..@.reloc..X.....k......bk.............@..B........................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.FFM.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14270320
Entropy (8bit):	6.726898743089476
Encrypted:	false
SSDEEP:	98304:v2W2+MACgshC5nIfugOQ77zuAdjU6loYcVigmXrXf9a/Xt:CoshC5/gOQ77zxdXtNrXla/Xt
MD5:	A1C12542A82E786C0F5DD20A845DAA2B
SHA1:	085BAD716F98FBA1B199935215B361846FE8459F
SHA-256:	43744509C9AD421F2ABF4B06AAA0F0CDDD926024FE2454F0641C5595A52C2351
SHA-512:	E9B330D7D0B2A4D53D731983AF1E211EE4710F9C9FE6E17826F622C451D8185337C586C44AF52B26F5468EC6012AF662E47FE2E01B34F997AE9CA67C0C2E3E86
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........T..:L.:L.:L..>M.:L..9M.:L..?Mo.:L...L.:L..>M..:L..9M.:L..;M.:L.:L..:L.~.L..:L..?M..:L..L.:L..L.:L.;L.:L..9M.:L..?M.:L..:M.:L...L.:L..L.:L..8M.:LRich.:L........PE..d...0.Mb.........." ..........-..............................................@......p.....`....................................................T.......................p#.......J......T.......................(.......8............ ...............................text...D[.......\.................. ..`IPPCODE.-....p.......`.............. ..`.rdata....'.. ....'.................@..@.data...L...........................@....pdata...............J..............@..@IPPDATA.p........ ..................@..._RDATA...............>..............@..@.rsrc................@..............@..@.reloc...J.......L...P..............@..B................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.GPU.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2504048
Entropy (8bit):	6.224157622012352
Encrypted:	false
SSDEEP:	49152:AYMqm/fKAv/opjam9wATSR+z2WZ6GLXMSlx:4jv9R+Xz
MD5:	8C457D8534E66C6A6492BAB7683C16AC
SHA1:	6C6E908CFD9735708B730BB93B3861D3935DD00E
SHA-256:	280DA97D4FD1C090C84C2F8128E949E430BCB9AA33A6CD0B505D3511C594B061
SHA-512:	6CF4732593DFA6F385E790E3C1A94734DB46177CA3A80C6EA013F1CD10680A1D086884956C76FBE3696F0D5D7613F95F8725C6914A92F9A103122F82DB0AF047
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........e`....F...F...F.o.G...F.o.G...F.o.GO..F.l.G...F/V.F...F.o.G...F...F...F...F...F.k.F...F.p.G...F.p.G...F.p.G...F.\|.F...F.\|.F...F...F...F+p.G...F+p.G...F+p.G...F+p.F...F...F...F+p.G...FRich...F........PE..d...+.Mb.........." ................t.........................................&......<&...`.........................................0.".......".@....P%. .....#.......&.p#...`&.t#...! .T....................# .(...0" .8............0..0............................text...(........................... ..`IPPCODE.]........ .................. ..`.rdata.......0......................@..@.data...L.....#..`....".............@....pdata........#......@#.............@..@_RDATA.......@%.......$.............@..@.rsrc... ....P%.......$.............@..@.reloc..t#...`&..$....%.............@..B........................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.SRT.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4066160
Entropy (8bit):	6.3926179861702614
Encrypted:	false
SSDEEP:	49152:yo6Ba4A9YMjxSKJTiXH8AugQcLxS944LRodKFvYKpt9FqysYv7QYs1qPninWeL1s:qomtxdood3K9j+giHs
MD5:	E6522B81A70691930BDD03AB212EB8A2
SHA1:	1CA614DC47843A9A2B21DB6CBCA38A7788F2AEF1
SHA-256:	0FD015ED4BEDCDABC42A0EBA70E586731C645803D1657D6FAD763A6C91DFAAC9
SHA-512:	999CC03B3ACA911919D93DF9A3F8C51016B3689BCD082527A8403AB0E59C3ECC1B9E8D3BF4691FA79EFAD2CD3AB5BC59A9DCFEDA7363A889A7B3531B0916DCE8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......9%..}Dd.}Dd.}Dd.i/`.iDd.i/g.pDd.i/a..Dd..0l.HDd..%`..Ed..-`.vDd..-a.nDd.}Dd.kDd.'...eDd..0`.rDd..0g.wDd..0a.+Dd.t<.xDd.t<..hDd.}De.gEd..0g.\|Dd..0a.uDd..0d.\|Dd..0..\|Dd.}D.\|Dd..0f.\|Dd.Rich}Dd.........................PE..d...(.Mb.........." .....>+.........xz........................................>......f>...`.........................................`&9.....$D9.......>.H`....:.L.....=.p#...p>. f...Y4.T....................[4.(....Y4.8............`+. ............................text...\|......................... ..`IPPCODE.-......................... ..`.rdata.......`+......B+.............@..@.data...Ps...p9......D9.............@....pdata..L.....:......8:.............@..@IPPDATA.......=.......=.............@..._RDATA........=.......=.............@..@.rsrc...H`....>..b....=.............@..@.reloc.. f...p>..h....=.............@..B................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.AJA.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13284208
Entropy (8bit):	6.727606571603292
Encrypted:	false
SSDEEP:	98304:s2t33uN95/mY9ObFT1OQVuivpKWSxUUdnHVqcoMdQzhK77Idg/HU9:HEZEl1OQVuGpCaUGzw77Idgvm
MD5:	600646B41E513458C0527A63A8320EBF
SHA1:	FD1585DE29C5E8AB94772DCD7BDC4465A48F122E
SHA-256:	13B05B872058A7C23DE1A9665644068B2C779CB72E5069C5B609960FFB9BDA1C
SHA-512:	DBC3BF3BA48D339C04AA0E8F586341645B69594283E6E4FD7CA6E35D90F541D325A58723F2C63F8EE9E505F896B54A77CBEFE2193CA424C1674FE7949E864DCB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........<...].X.].X.].X.6.Y.].X.6.Y"].X.2CX.].X.).Y.].X.).Y.].X4.uX.].Xp/.Y.].XL4.Y.].X..sX.].X.].XQ.X.).Y.].X.6.Y.].X.6.Y.].X.].X.\.X?).Y.].X?).Y.].X?).Y.].X?)AX.].X.])X.].X?).Y.].XRich.].X........................PE..d....Mb.........." ..........9......Vz.............................................j(....`.........................................@....... ...........<....p...k......p#.......g..\|[..T....................]..(....[..8............................................text............................... ..`IPPCODE.=........................... ..`.rdata...[0......\0.................@..@.data.......@......................@....pdata...k...p...l..................@..@IPPDATA.@...........................@..._RDATA..............................@..@.rsrc...<...........................@..@.reloc...g.......h...(..............@..B........................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.BMD.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21487984
Entropy (8bit):	6.725517729659603
Encrypted:	false
SSDEEP:	196608:JfVIUQwVLazu8NV3UuQ4DTaMytyUH9dK6WjOQ+S7MimIf7OjBn:fIUQw2V3x6MmIjM
MD5:	759B27BD8A63ADF60555B46DC9B0519F
SHA1:	28E87196352D27E6F15578E7D164FBCAB785A61B
SHA-256:	34B8C8875171B815FBB59D13A5C29496674850BBFAD79654296D7866D428AE1C
SHA-512:	0995BF5931ACF055517B0354E18D93F87F094CED587B7613494B507F0D5E740C5908891E8B3F771C0837FC9D71DCB7A4E17678ACE5BE3CA5CFBC50FD03F21000
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......n..u..&..&..&>.'$..&>.' ..&>.'...&F.'%..&F.'#..&^.'(..&..&...&pa~&...&F.'...&#.0&/..&#. &9..&..&...&..'+..&..',..&..'+..&..L&+..&.$&+..&..'+..&Rich..&................PE..d....Mb.........." .........3.....d........................................@H......~H...`.........................................P.B.......B.......G.X....`C.."....G.p#....G..E....:.T.....................:.(.....:.8............P...............................text...l'.......(.................. ..`IPPCODE."....@.......,.............. ..`.rdata...d...P...f..................@..@.data.........B.......B.............@....pdata..."...`C..$....C.............@..@IPPDATA.p(....G..*...:G.............@..._RDATA........G......dG.............@..@.rsrc...X.....G......fG.............@..@.reloc...E....G..F...xG.............@..B................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.DS.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22927728
Entropy (8bit):	6.683714700524515
Encrypted:	false
SSDEEP:	196608:IfgIUQW0ZLS6VtuUDfsZDyayUHqo/HEFNOQT5xcXInBk:HIUQHV+HrYnB
MD5:	2E4C105A2473B4CA80762498FB041B74
SHA1:	CA290D97C1BA12733B741A96F6866ABAAE87C651
SHA-256:	3303AB55745473F143FE1675DB32EA65707D671AB3D8F880E1D83D89BB20E686
SHA-512:	9ABFC78BE4254D81C70AC7A417F2B0EDDD7608C3D300FD283D6B7E8891FB7102C9261416D4346E57636919B8AB430927E91E7052DB61624D1FAD6AFC4BAB6324
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......ON.../../../..D../..D../..D../..WY../..}M../.g[../.g[../..D../.Q......./..4.g[.:/..WR../..WB../../../..[../..[../..[../..[.../../F../..[../.Rich./.........................PE..d....Mb.........." ......#...9.....\C.......................................0^......^...`.........................................0VW......VW.......].X....pX.T.....].p#....]..]....N.T.....................N.(...`.N.8............ $..............................text............................... ..`IPPCODE............................. ..`.rdata...P3.. $..R3...#.............@..@.data...$.....W......PW.............@....pdata..T....pX.......X.............@..@IPPDATA.0)...p]..*....].............@..._RDATA........]......>].............@..@.rsrc...X.....]......@].............@..@.reloc...]....]..^...X].............@..B........................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.NDI.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9675632
Entropy (8bit):	6.705660584110193
Encrypted:	false
SSDEEP:	98304:dCYiQvgZdOnOjkOQVs/Y+28zP9sTIK3XUAR0:oVLvkOQVsA+dP9ssK3XUAR0
MD5:	0EE566DE084986A188C1C0849B720195
SHA1:	63165BE7B637AD6B43FF03EFEAB85DF850F48E1F
SHA-256:	A66DA973F9DE3953CEF4EDF525B342D3B91582600700B84E356ED0BF0834F7BE
SHA-512:	B0573314205DCC163CB5CC2B91ECCA3F8418EC74C3529887B1C22B8AD7BB4CF433CEDFEAAC3440EE720803F0A066F66A2BF4C1C48D5F6394DEE616BFF2C64175
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......[d...............n.......n.......n......sq......sq.......q......E.7.............sq../....}y......}i..............q.......q.......q.......q........m......q......Rich....................PE..d....Mb.........." .....<j..@).....,.X............................................2....`.........................................p?......<@..........h........z......p#.......6..P...T.......................(.......8............`j..............................text... (Z......*Z................. ..`IPPCODE.}....@Z.......Z............. ..`.rdata....&..`j...&..@j.............@..@.data...tu...`...`...<..............@....pdata...z.......\|..................@..@IPPDATA.@....`......................@..._RDATA...............4..............@..@.rsrc...h............6..............@..@.reloc...6.......8...H..............@..B................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.SCR.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14327664
Entropy (8bit):	6.681344736513694
Encrypted:	false
SSDEEP:	98304:0IUQJpxIAlD4dAK09V//yVpblWsfTkm4D/7kOQSgX/CWqBwSK5V:0IUQJbIQVI7k9PkOQSwqWAK3
MD5:	B43CFC6D323FF34BE2BA692D5037C076
SHA1:	96AF5A2448DD024E29911BD6F9371C5A81E8869E
SHA-256:	25FC2C8D9BA7EE70F11D07D73DE416E90619235E5B4DE70FBDB634AB5FC22CD3
SHA-512:	D80FEF1B4383934950B3083D12096D9262BB5BDB30E7B4B054FFD99D9F16BCB7AA252C2EF0B3DACECB4BB063560F8521FBF91FFD1B25EAA73E8611E754D21C52
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......I.s4...g...g...g...f...g...f...g...f...ga..f...ga..f...g..g...gW\|.g%..g...g...g.F.g...ga..f8..g.F.g...g.F.g...g.F.g...g...g...g...f...g...f...g...f...g...f...g...g...g...g...g...f...gRich...g................PE..d....Mb.........." .........z'.....`%...............................................l....`.................................................\|...@.......T............\|..p#......\3.. U..T....................W..(....U..8............ ...............................text...~F.......H.................. ..`IPPCODE.}....`.......L.............. ..`.rdata....!.. ....!.................@..@.data....x... ...`..................@....pdata...............\..............@..@IPPDATA..............B..............@..._RDATA...............`..............@..@.rsrc...T............b..............@..@.reloc..\3.......4...H..............@..B........................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFReader.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28375912
Entropy (8bit):	6.072634678034487
Encrypted:	false
SSDEEP:	196608:LIUNQyyfCHVjdiDT7rKOQLUC3UkeePbbbrcB+VfGzeI:LIUNQ6VjsDT7+eu++s6I
MD5:	DCBC88D64D18E42B10449D898F3E0BC4
SHA1:	D41FA542A2FB9D409F8A4FFBAD43DE860921C0FF
SHA-256:	51FD4E220748805D31124C14DA7D5DAB430C66033268CD61A58BEC595FA8B25D
SHA-512:	FFE3B508D4A22F24A9E0C124054983BA4F794B175C04C8909475D38AC3C4C0B2AD3B28C2C557B66FCBFBAFA8FC8181B24F9504099089C259E411898ED18DD2CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................p...........!..L.!This program cannot be run in DOS mode....$.......&PX.b16.b16.b16.vZ2.}16.vZ5.{16.vZ3.16..Y3.h16.c..`16.@Q7.j16..P2.?16.kI..c16.b16.\|&6.8....06..^..k16..E3.116..E2.p16..E5.n16.kI..g16.kI...16.b17..06.E5.c16.E2.}16.E3.o16.E6.c16.E..c16.b1..c16.E4.c16.Richb16.........................PE..d...>.Mb.........." ......f...J.....T....................................................`..................................................y..........<......\|......h#...`...l...`..8.......................(... a..8............`...............................text...G.K.......K................. ..`IPPCODE.......K.......K............. ..`.rdata....8..0f...8...f.............@..@.data........ ......................@....pdata...h......j..................@..@.idata...\...`...^...z..............@..@.tls...............................@....00cfg..Q.........................@..@IPPDATA...........................@..._RDATA..

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFWriter.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35211624
Entropy (8bit):	6.134930863063333
Encrypted:	false
SSDEEP:	196608:QfkIUNQA0KF8dDVTuM6Op7pySyjHVLq+A2tWdOQRf6W0POg9vMCImCv0E8+Id3:/IUNQ3VL+A2t/Og9vBIl0E8+Id3
MD5:	C4D65D7061DFA8CDAC34AB900579572E
SHA1:	29E0164BD585926E8D3661305EF3AF0C1EE60229
SHA-256:	C790EA3F292BA45EAE3A2984A4EEA0277489EC0ECCB76843F4B2538CCABEE150
SHA-512:	62799EBC88C6FD61FF6862D264F027FD24856A74DDBBC5472F612936E3F1C82F88670F0815508D1761AED5864119132F2AB7DF8B7563EDB77FDBA68DADA7EAB8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......R..a.w.2.w.2.w.2...3.w.2...3.w.2...3.w.2z..3.w.2z..3.w.2z..3.w.2.%P2.w.2b..3.w.2..K2.w.2.w.2Ck.2L..2.v.2z..3+w.2..O2.w.2.._2.w.2.w.2Tv.2...3.w.2...3.w.2...3.w.2..32.w.2.w[2.w.2...3.w.2Rich.w.2........................PE..d...:.Mb.........." .........lU.....7.....................................................`.....................................................\|........k.......h...&..h#.......O...<..8................... ...(....<..8............................................text....&.......(.................. ..`IPPCODE.*....@...................... ..`.rdata....@.......@.................@..@.data...............................@....pdata..4............v..............@..@.idata..tG.......H..................@..@IPPDATA.N....0......................@....tls.........P......................@....00cfg..Q....`......................@..@_RDATA.."....p..................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFormats.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28575080
Entropy (8bit):	6.75056444650105
Encrypted:	false
SSDEEP:	196608:lf+IUNQeO4fya6VCu5EVpmZyoynHgF5/p1bADOQA3U+c4GU6BksjoObk1On:0IUNQhVlp1brR6Bp7bXn
MD5:	D89A992C64B621E87193E8199867FDE9
SHA1:	3FBA3BD4D53B62BDA1866ED6439638BC68187B71
SHA-256:	08643AA1AE5BDA73404B35297D38C8DF59C1A2FD183EED4F7BAC773A9A73F2D2
SHA-512:	B983985AA63BBDF8FFA75F7AB8006A0EF55AAF291289166603E0744DD4A6E961D71702AE45A72259DFA4E7BCE85EDB5EF67571673341E99A596177757A1AB71A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......t..#0.zp0.zp0.zp$.~q'.zp$.yq%.zp$..q..zp..p2.zpD.{q2.zp9..p1.zp0.zp..zpj$.p..zp\..qc.zp\.~q?.zp\.yq:.zp9..p1.zp9..p5.zp9..p/.zp0.{pd.zp.yq1.zp.~q5.zp..q2.zp.zq1.zp.p1.zp0..p1.zp.xq1.zpRich0.zp................PE..d.....Mb.........." ......l...G.......I......................................`.......g....`..........................................%......L&..h........D.....\|......h#......hU......T.......................(.....8.............l.(............................text...h.T.......T................. ..`IPPCODE.......U.......T............. ..`.rdata..&l7...l..n7...l.............@..@.data...l....P...^...2..............@....pdata..\|..........................@..@IPPDATA.@............Z..............@..._RDATA...............D..............@..@.rsrc....D.......F...F..............@..@.reloc..hU.......V..................@..B................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Plugin.Delay.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15432048
Entropy (8bit):	6.749915850631642
Encrypted:	false
SSDEEP:	98304:PIUQfoRCdtD+BJTb0uVcN3I/b1e6aKq1EbK9h9AOQx+c6PRb4iIXmak0neBC/+:PIUQfsCDuVjK1E8AOQx+zRzG7n0CG
MD5:	F214BFC4DE3F35F13900A248517AC584
SHA1:	EBDE7A67009F093C7FCD194B1AD6385F9E5D000D
SHA-256:	0422246DBF527304D40CA3B20ED122675D881C2CEE7B61EE813456344B670D41
SHA-512:	021C8487DF254524EB67D6A3DDED61E2D2CE4D541E0979BB3BE1846DF1B0D0CC8A89EA3860BBB1A2D68F38D253D0140DEC71CD1BEDCACBCB85091C8C65D11CA6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........%..K...K...K..uO...K..uH...K..uN...K..jO...K..jH...K.AL...K..f...K..uJ...K...K...K......K..jN...K.EjO...K..f...K..f...K...J...K.EjH...K.EjN...K.EjK...K.Ej....K......K.EjI...K.Rich..K.........PE..d...r.Mb.........." .....v....-.....x>....................................................`.................................................t...........p............V..p#.......:......T.......................(...`...8............................................text.............................. ..`IPPCODE.B......................... ..`.rdata....$.......$..z..............@..@.data.......0......................@....pdata........... ..................@..@IPPDATA.............................@..._RDATA..............................@..@.rsrc...p...........................@..@.reloc...:.......<..................@..B................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Runtime.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30561640
Entropy (8bit):	6.71405420781881
Encrypted:	false
SSDEEP:	196608:XfT7IUNQZJW3uQFuLCf5whVHjyHyRHC+o7dCZCMZLOQ/HWp3FqcakboRJQ0bdZQ:PIUNQXVHi7dCZmQkbo3QSZQ
MD5:	886991B060F4DA2E289283B70ECE9FD5
SHA1:	F620B75F454D6E3AFC12138C7777C9A76372E3F9
SHA-256:	F0C381E32022C697FEC7D4C1CAE704FD3B5A190AB80BB1F948B48A9125839F5D
SHA-512:	E57C9CCC65667D66DC4989E710B958B5D356C9699B552D6F321826F992A2382301FEACA4BF13617F2EE94D2BFADEC16AFAAD9A8B91A455EFEAEE48D2A7FF34E2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........\|^...0...0...0..v4...0..v3...0..v5.i.0..}1...0.d\|4...0..v1...0..e....0..O....0...0.;.0.....f.0..r...0..i5...0..i4...0..i3...0..e....0..e....0...1...0..i3...0..i4...0..i5...0..i0...0..i...0.......0..i2...0.Rich..0.................PE..d...@.Mb.........." ........`N......N^...................................................`...........................................................$W...........2..h#..........H_..T....................a..(...._..8............................................text....-l.......l................. ..`.orpc...{....@l......2l............. ..`IPPCODE......Pl......6l............. ..`.rdata....<.......<................@..@.data...............................@....pdata..............................@..@IPPDATA.@............T..............@..._RDATA...............>..............@..@.rsrc...$W.......X...@..............@..@.reloc..........

C:\Program Files (x86)\SRTMiniServer\DLLs\Processing.NDI.Lib.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28050872
Entropy (8bit):	6.571132491531632
Encrypted:	false
SSDEEP:	196608:VV05Jd1XXjdhbHBayM5xXjdhbHBayBRMFOEQ1PviHdeLuDWfY45W:sXjzbhK5xXjzbhvU
MD5:	E918518C7AA284CE72081B91D3D28EAD
SHA1:	0CA1A634C28BF8A76D3043468B4A6755BC0CBD87
SHA-256:	3C79A9D6445CA1C4E78CD85F9852433967DD4A50C0CBEDC9D61E9C4B7707D8F7
SHA-512:	80C76F4467E59719C4615F84E64B0C4C4EE10F928F88EA817E0E888AFA0C0E37B38CC95ED131815684F011ED5F68B91A7CCEB11D9557A9A4455B47B6B530DE9B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$..........7.`.d.`.d.`.d...e.`.d...eU`.d...e.`.d...e.`.d...e.`.d...e.`.d...d.`.d.`.d.`.d:..e.`.d:..e.`.d...e.`.d...e.`.d.`.d.a.d:..e.`.d:..e.`.d:.,d.`.d.`Dd.`.d:..e.`.dRich.`.d........................PE..d...-..`.........." ...............................................................c....`.........................................@Y.......j..@....P..........`.......!...`...=...4..T....................6..(...05..8...........................................text...8......................... ..`.rdata............................@..@.data................r..............@....pdata..`...........................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc...=...`...>..................@..B........................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avcodec-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	37810176
Entropy (8bit):	6.624908444345091
Encrypted:	false
SSDEEP:	393216:+8UUW+2sQTvMuyihJfeM5EZCSGgu28FJvVd:+T0QAuTh9TpSMVd
MD5:	8C7B2589A7950471627D305FBF6BB904
SHA1:	0A4C06288569D67C24D0A4F6C7E78B18821345F7
SHA-256:	C37C22EDF6B052AF2DF4C3FDDCC1711CEA5B1B1AF169BAA0F68F8002B10981AE
SHA-512:	C37AF05180B505E603D784418538DBAE956DA1139DB8FC5EC98BC519AF20AA276C97329F481AB3CC2B74365D632C3F40483592911ED58903BFF84AC2C5CFAB83
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$.`....@..z..P.........................................U.......@...`... .......................................S.r.....S..E...PT.......3.4............`T..^............................/.(.....................S.`............................text...x^.......`..................`.``.data........p.......d..............@.`..rdata...ng......pg.................@..@.rodata.P....p3......b3.............@.`@.pdata..4.....3......v3.............@.0@.xdata..L....`8......B8.............@.0@.bss....py...@?.......................p..edata..r.....S.. ..."?.............@.0@.idata...E....S..F...B?.............@.0..CRT....`....0T.......?.............@.@..tls.........@T.......?.............@.@..rsrc........PT.......?.............@.0..reloc...^...`T..`....?.............@.0B........................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avdevice-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1563136
Entropy (8bit):	6.546764304100476
Encrypted:	false
SSDEEP:	24576:XCW8kwUfdaXuEvHKq3a4lD97C+hpGE0ZG7LSRzXUUX5D7W1dZ0TZcIIIIIIR0zif:X/EUfdaDDK4Dt0ZG7LyvaiziTFprzKUL
MD5:	6C1BA27832508DECBCE2385EB61F21B9
SHA1:	60239C027E7D90FB82726ACADACF83F4FE0855AC
SHA-256:	6438F3745BD21391F449C4963B061D7670E1652CD3ADBE5CDFB03E9CC77F3AD9
SHA-512:	FD4B8D4C70105C60D9E81DC5B33EFBFBCB8806EFD4A731F37FAC14275BA48B8F5B91713BC3371870FB9AFB44DD1D81207059F7AE3EF5CA4C88CBFA3B9B46F021
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$.........4..P...............................................)F....`... .................................................hF...`.......P..............p..L...............................(...................,................................text...............................`.P`.data....S.......T..................@.`..rdata.......`.......@..............@.`@.pdata......P.......,..............@.0@.xdata.............................@.0@.bss.....3............................`..edata...............n..............@.0@.idata..hF.......H...r..............@.0..CRT....X....@......................@.@..tls.........P......................@.@..rsrc........`......................@.0..reloc..L....p......................@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avfilter-7.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	26075136
Entropy (8bit):	7.117761838151895
Encrypted:	false
SSDEEP:	393216:5jYnrgj087j3ZgmbbnyZTeAnIlLyZGP2TTgLf3cWeqeo8XpKw7F:5nImFDuT6Ly7Ts0WeDoqX
MD5:	F5695C8285347E896CCAC36BFD66793B
SHA1:	EE4221654AA916D85E5FDCFF39CC579E90BDD50C
SHA-256:	D5E38888A926612F8B823CCC37487F857E25F3277AE0C0CA139808A2C00358D6
SHA-512:	ED7D7E6298AC5EE7EBC24A930D5DDADFBFA6E2DBD083ABF118F7CB8E86B448E8E04366068C5BD3DB109240E4A6739F9FD8E48A7AC59A400C44198928F0CB6893
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$..g.....p..P...............................................].....`... ..................................................L..............\|o.............................................(.................... ...............................text...h.g.......g.................`.P`.data...@.....g.......g.............@.`..rdata..@.....h.......h.............@.p@.pdata..\|o.......p.................@.0@.xdata... ...`..."...@..............@.0@.bss....Po............................`..edata...............b..............@.0@.idata...L.......N...l..............@.0..CRT....`....`......................@.@..tls.........p......................@.@..rsrc...............................@.0..reloc.............................@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avformat-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	9625600
Entropy (8bit):	6.536815715028949
Encrypted:	false
SSDEEP:	98304:0oHCcTDFLkQ/zwJwguGruUWEOvQl+lf1thHajw2fBAUZLe0HZvdM:vkQq8UnO/fzh6jw2fVy0jM
MD5:	BAB673125DE323560526C0629AF9D3CA
SHA1:	046343408B463229CC2931A17AC1E46F887F4613
SHA-256:	03C663611FE009B2548A520B112C0F649EF59BE45DC704CE214BDDEEB0C02A76
SHA-512:	F02BE3E394E30ACFD9641174EF040485FF579219CF383F547B3340D59C85FC0BB5ADB4F2DACDE68564BF94DC948DD129BE43D973EA518BAA5258B7449CD83A53
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$..b........P........................................@............`... ........................................t.......a...........P..................8............................r..(....................................................text.....b.......b.................`.p`.data.........b.......b.............@.`..rodata.......d.......d.............@.0..rdata...F&...e..H&...d.............@.p@.pdata.......P.......&..............@.0@.xdata..<....0......................@.@@.bss..................................`..edata..t..........................@.0@.idata...a......b.................@.0..CRT....`....`.......0..............@.@..tls.........p.......2..............@.@..rsrc................4..............@.0..reloc..8............8..............@.0B........................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avresample-4.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	162304
Entropy (8bit):	6.367140899669312
Encrypted:	false
SSDEEP:	3072:LWWdFs9tEh4Simwx8KEtXL5ZHM/yfXmU3f8zNlj+aC:RW8XxUzN7
MD5:	2DA4C98F205A9D30B14DA6F26A9662D3
SHA1:	C9DA0A1CE301C2426C35B82FD4CA059B3B3AFA29
SHA-256:	4D34663DF09787C88C195CE4B4B88D18F5B0343613A0371ACAEFF45485D2FB45
SHA-512:	E1D49213BB5BE2053C39773FB9A7FF2B608BC3A901D7D34E070B782C6B3E64CEB7A243D0D07ADCAE23FC9A468FF15D1A328590B4C22DDBAFE4FA360F373B20CC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$.....v......P...............................................>.....`... ..............................................................p...............................................S..(.......................0............................text...............................`.P`.data........ ......................@.P..rdata..08...0...:..................@.`@.pdata.......p.......F..............@.0@.xdata..\|............R..............@.0@.bss.... .............................`..edata...............^..............@.0@.idata...............b..............@.0..CRT....X............n..............@.@..tls.................p..............@.@..rsrc................r..............@.0..reloc...............v..............@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\avutil-56.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	865792
Entropy (8bit):	6.437206029161204
Encrypted:	false
SSDEEP:	12288:5cv//cogmgsffFK5nlGnErj05Nb0aBtjOIi6SJQdVR6CCjOioYv:Xhns3fnbjrSKUCoBv
MD5:	D5F809ADAC5DA54AC1DD741923AF061E
SHA1:	194C826C945C43DA7E1DE5133D2A02FE1773D97F
SHA-256:	1CA7C910A85E7B7876021AF5D4BDBB664A23AE2526531AACC26A8588C2592741
SHA-512:	419C4AB61B55E696A5CA4091FC768459B215C9091DFD44DC1FF0D255259818F75755BED27C0A6C8B7C2A7241B2015499DC242D4815F4CB52D45CE3843CAE425E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$.....2.... .P.....................................................`... .......................................-..?...0..D....p.......@..\L..............................................(....................6..P............................text...............................`.P`.data...............................@.`..rdata..P.... ......................@.`@.pdata..\L...@...N... ..............@.0@.xdata...S.......T...n..............@.0@.bss...... ...........................`..edata...?....-..@..................@.0@.idata..D....0......................@.0..CRT....`....P....... ..............@.@..tls.........`......."..............@.@..rsrc........p.......$..............@.0..reloc...............(..............@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\d3dcompiler_47.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4173928
Entropy (8bit):	6.329085982329133
Encrypted:	false
SSDEEP:	49152:VBfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyu:BeZevVKACOvWYQk
MD5:	699ECC49CA12082DDBDA30669690EE35
SHA1:	8B3C633AEA3C4FCB2F2277B4C1F81B85E4219A96
SHA-256:	0BEA1620DD82F5E6BE1650FBE84CE819BA9F32F4148308CF1E68C4D825D74937
SHA-512:	DC18ADBB494771437BE9E1BC53E2AF3D34B74E36142D20ACEBE47B305373F9B5D9BA876E278FDC6D7A6E0DDD310C8A09A72AD399D3BFD4157DD85317E24F72F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G..(.a.{.a.{.a.{..m{5a.{..l{.a.{.m{.a.{.o{.a.{.a.{.a.{.i{.a.{.l{.a.{.h{.a.{.q{.a.{.k{.a.{.n{.a.{Rich.a.{........................PE..d......R.........." ......;.........`.8......................................@@......^@...`...........................................;.u...P.>.d.....?.@.....=......t?.h<... ?..{..................................@a................>.P............................text.....;.......;................. ..`.data...h.....;.......;.............@....pdata........=......n<.............@..@.idata..@.....>......B>.............@..@.rsrc...@.....?......\>.............@..@.reloc....... ?......b>.............@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\glew32.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	364032
Entropy (8bit):	6.221132321562538
Encrypted:	false
SSDEEP:	6144:7JNyWTWo1aETChCPR/KFOnAElG76SW0A1di/qt8oRFGNGHLcZ7jQlfaOjIdl56C:1N/S0aZCZRnr64nLCqIdl
MD5:	6FCB382735D0DBD68D14F818BF839430
SHA1:	F70250C3645F0812A78AD559628BCCEC3BBFB097
SHA-256:	E80DC7EBE2AA9D7CEC9466328F63AEF530CC754F1C9DFC714261C69F4228EA65
SHA-512:	872E64A8318882F5E244D0FE49EA10DB6238EE9B7FA13B8F5FED4849BF64A412C86633004926CDEF38B9C46E54470C99BB0D5B5EF3A6CA9318B2AAA7F36BFAB6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.......u....7..u....:..u...u...u.......u....2..u....3..u....4..u..Rich.u..........PE..d....=.Q.........." .....8...R.................b.............................0......E.....@.........................................0...........<........$................... ..`....................................................P...............................text...Z7.......8.................. ..`.rdata.......P.......<..............@..@.data...@k...`.......@..............@....pdata...............P..............@..@.rsrc....$.......$...d..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\ipp90legacy.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21117952
Entropy (8bit):	6.630752349249341
Encrypted:	false
SSDEEP:	196608:hXcHynhiM9wgnC5uiKemfFikTKjLm4U9QMD:3fF3jq
MD5:	A83498A86D4FA96B63C9E2D7A8444875
SHA1:	7DF8468EEAC792E8C0BA841CF20EA3FFD7814C87
SHA-256:	283A1A059DB03CC56A9E19487E413F860562479C7CED59C4F1C7BF444F368C0D
SHA-512:	656F8372A05F32358FC18A1C25E84DC846FF8062E5065BB8230F36105A27B93F8C4FFB5DB7126A4536172E5DB980DC4F4E67BB29826DC278D2F98F3166702D57
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................................................7..F...................M.......Rich..........................PE..d...#A._.........." ......)..........t........................................B...........`...........................................9.\P...h9.(....@B......P;..............PB.dI....1.p.............................1...............)..............................text....".......$.................. ..`IPPCODE.}.)..@....)..(.............. ..`.rdata........).......).............@..@.data.........9......T9.............@....pdata.......P;.......;.............@..@IPPDATA......@@.......?.............@....rsrc........@B.......A.............@..@.reloc..dI...PB..J....A.............@..B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\libmfxsw64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8195456
Entropy (8bit):	6.521072467591149
Encrypted:	false
SSDEEP:	49152:NhNf2ZY9P/GMZ0PlhnblEiGm5dUNP+aLsdZ+wn3jrQnz8PK4yVkFmOvMXbHPpQK5:Eu0Pl/5inst/Qph8HDUTRKPs
MD5:	BB358DE48A8F678628E708DCAF5900AF
SHA1:	A9560D22F4BDB488B98792280C07291AA657AA99
SHA-256:	D7F3CCBACBF9978A7A07BEBDD8B332B1D952753217761250337648BAB533461F
SHA-512:	D60D099575FA8AF6FE10BAEC56A3C6D9D62820E225DBE57DA880B3D77E0CB2789056599809D57BEC9BFFE3D6566A861E0D06EEE72616CFC94B805667E267359B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......~...:}..:}..:}..U...-}..U...)}..U....}..h...3}..h...O}..h....}..U...1}..:}...}..:}...}..`.\|..}..V...*\|..V...;}..V.N.;}..V...;}..Rich:}..........................PE..d...Z..\.........." ......j...........U.......................................}.......}...`A.........................................ex. ....nx.P.....}.......z......\|.......}..B..`.q.p....................q.(....q...............j. ............................text.....[.......[................. ..`IPPCODE..N....[..P....[............. ..`.rdata........j.......j.............@..@.data...4,....x..X...rx.............@....pdata.......z.......y.............@..@IPPDATA..N...@}..P...V\|.............@....rsrc.........}.......\|.............@..@.reloc...B....}..D....\|.............@..B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\msvcp120.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	660128
Entropy (8bit):	6.339798513733826
Encrypted:	false
SSDEEP:	12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
MD5:	46060C35F697281BC5E7337AEE3722B1
SHA1:	D0164C041707F297A73ABB9EA854111953E99CF1
SHA-256:	2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
SHA-512:	2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\msvcr120.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	963232
Entropy (8bit):	6.634408584960502
Encrypted:	false
SSDEEP:	24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
MD5:	9C861C079DD81762B6C54E37597B7712
SHA1:	62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
SHA-256:	AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
SHA-512:	3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\msvcrt.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	634880
Entropy (8bit):	6.529698884144268
Encrypted:	false
SSDEEP:	12288:QpC1XhsbQfIiZ3f5Lzf1wUEyUQAmVyK6EOaA0OONRQ:QpCZhsboIiZ3x/dcQAmVyK3OaA0O+Q
MD5:	C391FC68282A000CDF953F8B6B55D2EF
SHA1:	964EE2D28DC71210982F72E567DF89F9F527B67B
SHA-256:	1CB0DAB84545D9FDEA5A7865A1E7132CEAC91DECF8B100285B63098D7B09E584
SHA-512:	E324197FF69C92307F86A21B2DDAAE5F9AC699F3B234C09FA4DAFEE3757B0C716577DB1D62CA23180DC34D7899686D32C52C072A0D01B29DD91DD01744506CD2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\.H..............b.5.............d.......r......c.......u.......e.......`.....Rich....................PE..d...?..N.........." .........,...... .........ju.....................................p....@.............................................j..D................p..d\......................8............................................................................text............................... ..`.rdata..Lj.......l..................@..@.data....V.......N..................@....pdata..d\...p...^...H..............@..@.rsrc...............................@..@.reloc..............................@..B...N.......N.......N.......N.......N@......Na......N.......N.......N.......N.......N.......N.......N6......N_......N.......N.......N.......N.......N.......N.......N.......NA......Nc......N.......N.......N.......N............KERNELBASE.dll.ntdll.dll.API-MS-Win-Core

C:\Program Files (x86)\SRTMiniServer\DLLs\swresample-3.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	431616
Entropy (8bit):	6.532333052001319
Encrypted:	false
SSDEEP:	6144:+Q+zlpjRhJHZwGlUQ7BTTiT2HkPvdpDkaQFqAImlGMNYt:foldVUQ1TBqoFg
MD5:	69F145A1E74C423CBAED69F56500281A
SHA1:	CD53DE3A15395E313E422315A42C625637DAE7AB
SHA-256:	3B1A2D3D1945CA2F7E38A438A1BFE53331F16CEB69C47E6D25CCA3E0B829B684
SHA-512:	83F7E076D78862185BA8406ADA746134E8DD6661FCE8837C2E42193FCE8115934EE1D30EB8C08305BA90A128B31016BECEB07C53D8D6137EBF074B7155685EE3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$.........R..P.....................................................`... ...................................... .......0.......`.......p..L............p..@............................P..(...................@2...............................text...............................`.P`.data...............................@.`..rdata..p...........................@.`@.pdata..L....p.......@..............@.0@.xdata... ......."...V..............@.0@.bss.....Q............................`..edata....... .......x..............@.0@.idata.......0.......\|..............@.0..CRT....X....@......................@.@..tls.........P......................@.@..rsrc........`......................@.0..reloc..@....p......................@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\DLLs\swscale-5.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	567808
Entropy (8bit):	6.545705144095029
Encrypted:	false
SSDEEP:	12288:QowUUPw+aMa9iuSqQ6ZmWkFOyJEMbYTB7c26/5pmpAvKF66vFtvjRp:QowUUPwPCpaMbYTi/5pmpAvKF66vFtvn
MD5:	EE25EBBCEC188C364199EA904A2D8F9E
SHA1:	30DDAAD06D7BC4FE8DE7C979EE02EF2E861FC538
SHA-256:	6C6BBA47053EF51A3F0098E1EA68AABCCED9D273EB01237C422ED33DB94F94ED
SHA-512:	CBDC3FCBE9B255BB1E8390B59B0FEC7F8DC8D850C4C03A6418FA26B2D5C4A62CBB413981BC28F7E68D23AEA1EF505086D315A0CB086C69F074257523D8B6B827
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...$............P...............................................\h....`... ......................................P.......`..0............P..<'..........................................@4..(....................a...............................text...............................`.P`.data...............................@.P..rdata...].......^..................@.`@.pdata..<'...P...(...4..............@.0@.xdata..H5.......6...\..............@.0@.bss....`.............................`..edata.......P......................@.0@.idata..0....`......................@.0..CRT....X....p......................@.@..tls................................@.@..rsrc...............................@.0..reloc..............................@.0B................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Processing.NDI.Lib.x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25331200
Entropy (8bit):	6.522878448729758
Encrypted:	false
SSDEEP:	196608:QbpEEXjdhbHBaypHXjdhbHBayBrXWfYZMf+WUplr7:QbpTXjzbhfHXjzbho+WUplr7
MD5:	E2C114FBBCED08E750D3FE37AB774DBB
SHA1:	63A637AFEC9CAD6F0A05C87F543FC5EDAF49CA00
SHA-256:	98EA2F732794FDA246580414CA728CE5CA76B415B7496E67A78E6DCC6764A517
SHA-512:	B356A7B881B70E679518550D7077D0A8353A539EEDB56BE7FE6ECBE2E382E85F16F920B4D95CA51744B840C07FAB75B86D0D9165E0E08E5D063078B04864D0B1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nc_..1..1..1.Od2.;.1.Od4...1.....).1.xj2.#.1.xj4.R.1.xj5...1..k2.".1.Od5.6.1.Od0.1.1..0.>.1..k8...1..k1.+.1..k.+.1....+.1..k3.+.1.Rich.1.........PE..d.....9^.........." ......z..R.......1....................................................`.............................................p...@........ .......`..............0...b...x\|.p....................y\|.(....x\|.............. z..............................text.....z.......z................. ..`.rdata....... z.......z.............@..@.data....M.......z..................@....pdata......`.......h..............@..@.rsrc........ ......................@..@.reloc...b...0...d..."..............@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Core.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6164600
Entropy (8bit):	6.646037490349141
Encrypted:	false
SSDEEP:	98304:zP/qGJuO1Ty/aNaJsv6tWKFdu9C5Fs74/Eorqf2X:zHqGIOBy/7Jsv6tWKFdu9C5O7orqf2X
MD5:	5FDF9EDCEDC637C005EFACC076F552BB
SHA1:	B92B5BACA9B82CF79087E07821D35410CE3F4E2C
SHA-256:	47888A0EF6EEFFDE2DB72E02B44F8BAF053B54F81271559ACF167E291CF7272F
SHA-512:	8012E42A4D4FE8022B67EE0F64FD66C00CEF771AFF6E18BEA962420B8E6A85E23132715E783A0F08C1C087EDEBCEEEFFA1BBE6B3AB8EC0F7DDFE4F23B832C7B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............[...[...[..}[...[...Z...[8A)[...[...Z...[...Z...[...Z...[..Z...[..Z...[...[...[m..Z...[m..ZV..[m..Z...[m..[...[..y[...[m..Z...[Rich...[........PE..d......].........." .....r..../......j,.......................................^.......^...`...........................................R.....lkY.......^......0\.TC....].x.....^.."....K.T.....................K.(.....K..............................................text....p.......r.................. ..`.rdata..v.+.......+..v..............@..@.data.........Y......xY.............@....pdata..TC...0\..D....[.............@..@.rsrc.........^.......].............@..@.reloc..."....^..$....].............@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Gui.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6509176
Entropy (8bit):	6.671682523497419
Encrypted:	false
SSDEEP:	49152:Mfav657bvN//cUWquB+ZiX+Ye+/Cp/Xai0VuWgxlS2bsBjopO+VB0GdXrAsxmLui:MCv69vs0hWgxs9f+aOuoX9s
MD5:	C35A8347CFFB2EE11FFD23644CBA4EAD
SHA1:	E66101A22731DDBBD76371617A0211AAE265AE6F
SHA-256:	9F9E22D4F731439FBF710CE34BA0607FB9E60AE0E5E78D50B3547D1F55F08C5C
SHA-512:	A6493896B31F40E29F626EADC3B698CCCFDF50F4E217CD73694A862576DB54C9A7A8727EB26E094ED76FE7FA358BF25D51C99253B7060425B52109C05523A208
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......T*.d.K.7.K.7.K.7.3n7.K.7..:7.K.7.).6.K.7.).6.K.7.).6.K.7.).6.K.7c).6.K.7.(.6.K.7.K.7.N.7.(.6.K.7.(.6HJ.7.(.6.K.7.(.7.K.7.Kj7.K.7.(.6.K.7Rich.K.7................PE..d...3..].........." ......9...).....\|.9.......................................d.......c...`..........................................'C.<....!\.@.....c......0`......<c.x.....c.,-....>.T.....................>.(.....>...............9../...........................text.....9.......9................. ..`.rdata..fN#...9..P#...9.............@..@.data........@]..X....].............@....pdata.......0`......._.............@..@.rsrc.........c.......c.............@..@.reloc..,-....c.......c.............@..B................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Network.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1327224
Entropy (8bit):	6.389267625029064
Encrypted:	false
SSDEEP:	24576:RYQzjq3sIk5E5Q0K6DK+PHO9bfwYUYDE1rFd4v+wI2uoni+ro:fssxMQR45Pu9zwYUYDE1W+8uoDo
MD5:	1226D7DE44ECA9BB9509F0B478E99206
SHA1:	AA93D8C440D28A574E53FCFB2A353B0E403AFA70
SHA-256:	CFF0443C5E6D46417D567CF2C9950D4CFF333956E8662C05A9C0A1068CEFE88E
SHA-512:	48FFCA0F9BC67E05E61330E981D0CDD4A8A0B1986B8496DA5620A0916AB5EC462B29824142809805F51D1D21D73294F6B0E6DC28D9364CBEB1204F6AA8D59FF9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..[i...i...i...`...c......m......c......m......q......e......j...i...............h.....x.h...i...h......h...Richi...........................PE..d......].........." ................................................................%<....`..........................................}..._......,....`.......p.......*..x....p.......@..T...................8B..(...@A..................(............................text...c........................... ..`.rdata..L...........................@..@.data...............................@....pdata.......p.......&..............@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Sql.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	211064
Entropy (8bit):	6.360045719512351
Encrypted:	false
SSDEEP:	3072:BsxtiiIDQwyVuHQ667btzp1i+k9h2w6rV27TNfk9g5NX6:WxJIDQfVuHQ6yH1p2nNc9x
MD5:	D990FBE61CFEBE5C59F84036F2701A16
SHA1:	39089FB83A9B11254BF773D59169FC955D5ED69A
SHA-256:	D8F36E59A9844BB1433C2F2698B3C36D779D8303A5EEC6B8C60E03270B970A30
SHA-512:	7B96A001A00F15FD86116A8839A085412689E845B6E2B64CD11CFDDDBD69DB638808C81EFD4FBBBDF25FCA508D9DADA19ADECCDA5976982339984F9013367FDB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........vH..%H..%H..%A.~%L..%...$J..%;..$J..%...$K..%...$[..%...$B..%...$K..%H..%d..%...$\..%...$I..%...%I..%H.z%I..%...$I..%RichH..%................PE..d......].........." .........L......0........................................p.......v....`..........................................L..Xm......x....P....... ..D(..."..x....`..$.......T...................X...(...`...................h............................text............................... ..`.rdata..x...........................@..@.data...(...........................@....pdata..D(... ...*..................@..@.rsrc........P......................@..@.reloc..$....`......................@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Svg.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	338552
Entropy (8bit):	6.36144564466742
Encrypted:	false
SSDEEP:	6144:FWlnA5MUaGL6ZiziIzE4x8IrVJQ6+SMGou5BjvnMCH4i9iR/+O:FYA5UGYi/SJ
MD5:	C2296A44D727D11373A5C5CE28F40242
SHA1:	921859E2DD844EBA8E0E5997DF49C88F2CF5F656
SHA-256:	B7A538BE653930C8621606DF322F631DFF5B03EDD4BD86BC482626798F841368
SHA-512:	B1BD19296B33555716F1AC201343C3CB58743677083796E4E5E556DD9273394DFDC9D1F0082699CCBC4594C9235BAB887915D61BFF11312FEEC417B7C71CFCBE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............yf..yf..yf......yf...g..yf...g..yf...e..yf...c..yf...b..yf...g..yf..yg..zf...c..yf...f..yf......yf..y..yf...d..yf.Rich.yf.................PE..d......].........." .........,...............................................`......W4....`.........................................`...P....;.......@..........$3......x....P..H...p^..T...................._..(....^..................h............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..$3.......4..................@..@.rsrc........@......................@..@.reloc..H....P......................@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\Qt5Widgets.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5592184
Entropy (8bit):	6.599431210109492
Encrypted:	false
SSDEEP:	49152:70o5dKNqZ/8KIsJWxK8uHVS8slg1yK0AJGyYBoMhhboPorQKIM+xA6a0ARvYnBH9:9KNqZ9skdELUjY5CzxA6a0ARvYXeAus
MD5:	B74BCF525BE24543C0837A1F0E217296
SHA1:	EE4DD0463A37ADBDAEFF576C1FE973BA3701238F
SHA-256:	6FCC127954B95BB5D3B62E1A88094C3C4395E1585874025521CC7C4B05AABD7D
SHA-512:	2E6831709405190C7D499CDE925B2D0F0053CD05C48651BE785BC94F08A24FA4BE05250C30FB25421F6A5BDD8F7D65255024ECCC16699590183194218958B215
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Fd..'.}.'.}.'.}._.}.'.}:E.\|.'.}:E.\|.'.}:E.\|.'.}:E.\|.'.}.E.\|.'.}(D.\|.'.}.'.}.*.}(D.\|Z'.}(D.\|.'.}(D.}.'.}.'.}.'.}(D.\|.'.}Rich.'.}................PE..d.....].........." ......4... .....\|.4.......................................U......KV...`...........................................C.TQ....L.......U.......Q.(G...>U.x.....U.....`.?.T.....................?.(.....?...............4.Hh...........................text.....4.......4................. ..`.rdata........4.......4.............@..@.data...8.....N.......N.............@....pdata..(G....Q..H...bQ.............@..@.rsrc.........U.......T.............@..@.reloc........U.......T.............@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\SDIOutAddon.exe

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	238720
Entropy (8bit):	6.238682968518126
Encrypted:	false
SSDEEP:	6144:Ugoh+RnXEvtvUjJGUlxUpkESUzMTDatFc/fG/eTqj7MEA+6NCUvMFM6oycr5Ti:UJwRnXEVvUj1BPi
MD5:	344A5D90E9535EEF8E66D7E40FD948A4
SHA1:	AD430E95962C30B91A315D0F0089F0EC9BA2630F
SHA-256:	918CB3F5586DC5CBF871ADE33581F8DE389339AE0BDC119539595426260CE3A9
SHA-512:	074E50B9364569A41E87C79C1A31D03ECEE4905BC2AD2B8D15624B7808D51A110D8781A24BD8C390179279B09D1F3270F76CEBC226585A045D312B65255C96E4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.............x.............................................6.......6...............................4.......4.......Rich............PE..d....K.e..........".................4..........@....................................e.....`................................................. ...\|....................\|...(......\...Xq..T....................s..(....q..8............................................text............................... ..`.rdata...w.......x..................@..@.data...H....p.......R..............@....pdata...............`..............@..@.reloc..\............r..............@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\SDIOutAddon.exe.manifest

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30761
Entropy (8bit):	5.519495101310609
Encrypted:	false
SSDEEP:	384:OXgPzDHtlM8M2/MD3yXfTBEt87etgXaW8ssvE1cGB0kPE1jyydPTYH0cSaSuiHNC:ZtMr6yb/6pM1jyyxYJSuitC
MD5:	C4150E31D589604C6ABD0F1359637007
SHA1:	182380BA6AFD2D39FE4504BE4A1F7834820FD06B
SHA-256:	EC985BF8231448EB9272112BC25929A1C4A0E1041D6B6C200732F5F20E246FC5
SHA-512:	164C7A5BA53BB01DD2C8209D372C34B5A853B72E5D5B8952F3825EB4C8C3F24F0D16849C4DEDA81851846AEF35C9ECE3E4947F55AA1FCAA1ED1BD580C9AB254A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">.. <file name="DLLs\Medialooks.Codecs.Core.x64.dll">.. <comClass clsid="{96EB1C14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitter Class" threadingModel="free"/>.. <comClass clsid="{96EB1C64-4CC0-4830-9CC3-F064196B2626}" description="MFDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1C74-4CC0-4830-9CC3-F064196B2626}" description="MFMuxer Class" threadingModel="free"/>.. <comClass clsid="{96EB1C94-4CC0-4830-9CC3-F064196B2626}" description="MFEncoder Class" threadingModel="free"/>.. </file>.. <file name="DLLs\Medialooks.Codecs.FFM.x64.dll">.. <comClass clsid="{9285699B-E779-4B2E-92CA-26DDEE01AA2A}" description="MFCaptionsDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1F14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitterFFM Class" threadin

C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1563264
Entropy (8bit):	6.63807388426676
Encrypted:	false
SSDEEP:	24576:wwWw5lSr8uDq3f5jiARRJuRAi8KDpEGUB1W3DQYISEaWOdWMQpfrk:q8Cq3Bi4ut+GGAQYISEaW/lpfQ
MD5:	D7C8D83952710C569E3671A42CF71773
SHA1:	877DAD6E03490D476B434F50C83FD2E88093CEA1
SHA-256:	5088E61172C185368EA2B62476968E82B37DA1C433DD899D66102C1EB0119BEC
SHA-512:	D564944B634B42ACB6386000888C63400EB2F088019D1F6B4EAC55619DCDC6AE07A65C35A4A74BF5C797AF1D384766FB65A5098415B0EEF4EE388936532C1965
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......XE...$...$...$...\U..$..NQ...$..NQ...$..NQ..=$..NQ...$...G...$...G...$..JQ...$..NL...$..z..=$..z...$..J...$...Q...$...[...$..z...$..GL...$...$..."...Q...$...Q..\|$...Q9..$...Q...$..Rich.$..........PE..d....L.e.........."......L..........,q.........@....................................K.....`.........................................................@..X\|..............(......d,...V..T....................X..(....V..8............`...5...........................text...3K.......L.................. ..`.rdata......`.......P..............@..@.data...p...........................@....pdata..............x..............@..@.rsrc...X\|...@...~..................@..@.reloc..d,..........................@..B........................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe.manifest

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30761
Entropy (8bit):	5.519495101310609
Encrypted:	false
SSDEEP:	384:OXgPzDHtlM8M2/MD3yXfTBEt87etgXaW8ssvE1cGB0kPE1jyydPTYH0cSaSuiHNC:ZtMr6yb/6pM1jyyxYJSuitC
MD5:	C4150E31D589604C6ABD0F1359637007
SHA1:	182380BA6AFD2D39FE4504BE4A1F7834820FD06B
SHA-256:	EC985BF8231448EB9272112BC25929A1C4A0E1041D6B6C200732F5F20E246FC5
SHA-512:	164C7A5BA53BB01DD2C8209D372C34B5A853B72E5D5B8952F3825EB4C8C3F24F0D16849C4DEDA81851846AEF35C9ECE3E4947F55AA1FCAA1ED1BD580C9AB254A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">.. <file name="DLLs\Medialooks.Codecs.Core.x64.dll">.. <comClass clsid="{96EB1C14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitter Class" threadingModel="free"/>.. <comClass clsid="{96EB1C64-4CC0-4830-9CC3-F064196B2626}" description="MFDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1C74-4CC0-4830-9CC3-F064196B2626}" description="MFMuxer Class" threadingModel="free"/>.. <comClass clsid="{96EB1C94-4CC0-4830-9CC3-F064196B2626}" description="MFEncoder Class" threadingModel="free"/>.. </file>.. <file name="DLLs\Medialooks.Codecs.FFM.x64.dll">.. <comClass clsid="{9285699B-E779-4B2E-92CA-26DDEE01AA2A}" description="MFCaptionsDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1F14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitterFFM Class" threadin

C:\Program Files (x86)\SRTMiniServer\START_NO_NDI.bat

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.6887218755408675
Encrypted:	false
SSDEEP:	3:kt3Z4A5Mn:YZ4uM
MD5:	A3EDDECE90C2CE1B8EAA969AEF405BB5
SHA1:	EB49A72231CE9A2FB54048D55CF8A0301936D133
SHA-256:	390A92CB8B5F9A9CCC718AAA9547A065167442CA0624A6348A24E8618586E194
SHA-512:	40DC8359A4C6EBF31876D46B1138C94AD6BE4281F52CC6D83FA50D2E66F238E599BCC744A94A9E0CF57FC933D990D49B3F57D02D559D5CC3D80CCED22BC6BF1C
Malicious:	false
Reputation:	low
Preview:	SRTMiniServer.exe no_ndi

C:\Program Files (x86)\SRTMiniServer\WEB\bootstrap.min.css

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with very long lines (65319), with CRLF line terminators
Category:	dropped
Size (bytes):	155764
Entropy (8bit):	5.066642470765085
Encrypted:	false
SSDEEP:	1536:M/xImT+IcCQYYDnDEBi83NcuSEk/ekX/uKiq3SYiLENM6HN264:M/Riz7G3q3SYiLENM6HN264
MD5:	8FE70898895271DDC62823321011273A
SHA1:	60F0159744E3B554A45DA027F9E7FAA992AED71A
SHA-256:	AE576713BC196098F7438DEDE6FF1F835A23291C32B745AD7E6FB6DB809A719B
SHA-512:	A37D9F7728554BB6C241D68303E0F09BD427F061A681CF61BDDDF1DDA40A0C77C10E3E0BF8E58F1D31C1AF14DF7E5941C26EE53B065E35454EA8CDFFB47392EE
Malicious:	false
Reputation:	low
Preview:	/!.. Bootstrap v4.3.1 (https://getbootstrap.com/).. * Copyright 2011-2019 The Bootstrap Authors.. * Copyright 2011-2019 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-si

C:\Program Files (x86)\SRTMiniServer\WEB\bootstrap.min.js

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with very long lines (57791), with CRLF line terminators
Category:	dropped
Size (bytes):	58078
Entropy (8bit):	5.248934854412323
Encrypted:	false
SSDEEP:	768:BwYyDyKAmHVaS3m3Dqp0NwCkXDtdFDLmTV+miDNJcJiQMRqyPiYtB6UvcCg8YGxV:BwTKktDLmTF8yJL45XtHjoGL
MD5:	0A958254DB529F99F475080FE2A6DCDB
SHA1:	EEBC17246F2BEDA813DD3372593CC54A152F9CB4
SHA-256:	3BCD802E9F77849E7C1E93C87279FBBB04D45949D2BE79B03566CEACDE29B158
SHA-512:	327BF409CDD167171A300EF7F95FAC5CBC802320B2872EA845EC434FF7987A21CB0F0346A8EB3CB891447B98E2E622C3D721BC295BF4F26E763659DBB8A09940
Malicious:	false
Reputation:	low
Preview:	/!.. Bootstrap v4.3.1 (https://getbootstrap.com/).. * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t=t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,function(t,g,u){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(o){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},e=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(r).filter(function(t){return Object.getOwnPropertyDescr

C:\Program Files (x86)\SRTMiniServer\WEB\code.js

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3275
Entropy (8bit):	5.282483775398536
Encrypted:	false
SSDEEP:	96:zSAnFMbVRitnciiIncQsg6skA3iVxBsXeGP4n+iKsDsC:zS+t0BtKIuAX
MD5:	548ED5E4985F579C56161224EF394CCB
SHA1:	76A9D74C1268EDBDE9F66A6232BE4612A5EF40D9
SHA-256:	DFCAEFD1E4D6D27B3D85322691C65BD20ECC2C3A508BFC768F4CC12E84FF26A8
SHA-512:	E552A16924C90063E3D66598F64EB4F9C359FF69B89F73030458DD547398B7A81DC60782DE76D47BF7A88C170C423F41E039F62E04EDE5559DEA59AC3BF9B79C
Malicious:	false
Reputation:	low
Preview:	var g_timer = undefined;....var g_client = new Vue({.. el: '#mainApp',.. data:{...secret_key: '',...items: [],...error: '',...last_line_modal_open: -1.. },.... methods:{...start: function(){... this.loadInfo();...},.....signURL: function(path){....... // for unsecure-way... if(!this.secret_key)....return path;..... // for true way... var ts = new Date().getTime(); ... var s = ts + ":" + this.secret_key;... var sign = md5(s);... // console.log(sign);... ... res = path + "?tick="+ ts + "&sign=" + sign;... // console.log(res);... return res;...},......loadInfo:function(){... this.error = '';... $.getJSON(this.signURL('/api/v1/read'), function(data){....this.items = data;....g_timer = setTimeout(this.loadInfo, 4000);... }.bind(this)).fail(....function(r){.... this.error = r.responseText\|\|'unknown error';}.bind(this));...},.....disconnect: function(linenum){... if(!confirm('Are you sure?'))....return;... ... var url = '/ap

C:\Program Files (x86)\SRTMiniServer\WEB\index.html

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	7156
Entropy (8bit):	5.14160857108203
Encrypted:	false
SSDEEP:	96:iBSPVPrgRfdfI+qyF15HesPNXwiEkTqBjJoW1DbkD1RjwKjH:gS9kpBb+HdAA9TQTT7
MD5:	135E5A1A4BFFBB887B33133E9287ED4B
SHA1:	E680A28E2C13892C3E7ED999668EEE641E295CB5
SHA-256:	F8E7BFFF55E3F716AE1D97D3D0EF5947C1B3BD7FB9227AA2C5C7C74049210EFE
SHA-512:	C6ADEA491B3406AB659B0E442DB9C38712904CAB1D1814D42A3A685013FF5B83221F723D8C9AC199B69F316544E5F80B12CF22E9D6DB8C79D3CC3808E029CA8F
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.... <title>SRTMiniServer Remote Control</title>.. <script src="/jquery-3.4.1.min.js"></script>.. <script src="/bootstrap.min.js"></script>.... <link rel="stylesheet" href="/bootstrap.min.css">.... <script src="/md5.min.js"></script>...... <script src="/vue.min.js"></script>.. <style>.. div.state {.. width: 25px;.. height: 25px;.. float: right;.. }.... div.clsDISABLE {.. background: lightgray;.. }.... div.clsNOTACTIVE {.. background: lightgray;.. }.... div.clsWAIT {.. background: yellow;.. }.... div.clsCONNECTED {.. background: green;.. }.... #previewImg {.. display: none;.. width: 100%;.. height: 100%;.. margin: 20px;.. overflow: hidden;.. }.. </style>....</head>....<body>.. <div class="

C:\Program Files (x86)\SRTMiniServer\WEB\jquery-3.4.1.min.js

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with very long lines (65450), with CRLF line terminators
Category:	dropped
Size (bytes):	88147
Entropy (8bit):	5.291368969514295
Encrypted:	false
SSDEEP:	1536:jTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmt:jgZm0H5HO5+gCKWZyPmHQ47GKR
MD5:	A6B6350EE94A3EA74595C065CBF58AF0
SHA1:	B15F7CFA79519756DFF1AD22553FD0ED09024343
SHA-256:	412B8FF9C5AB32B9019FCD84BCD4A54C0E265A14528474F4EE45B27A20ABEAEB
SHA-512:	F5A9C6AEE347C155E4DD796C51716B7447BC22AE44741FCEB6BCFEE02F955AD4063D38613F241108A3E1F3E1F540FCAED8D9848B9A0FB823C00955CF9A19EFAD
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license /..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}va

C:\Program Files (x86)\SRTMiniServer\WEB\md5.min.js

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with very long lines (3730), with CRLF line terminators
Category:	dropped
Size (bytes):	3767
Entropy (8bit):	5.162847936696883
Encrypted:	false
SSDEEP:	96:zUTvi9tF3qfkOs+NQ/1Cqg41qNtP+qrmi3:o+9H31Os+NQ/sqgPjP7rmi3
MD5:	D42FF83C2D527CDAB773855CFE523561
SHA1:	C27927A82941BA972C140ABF26AD82E04C32D86A
SHA-256:	9265EA6EE06A36211EF80E33821B309020E5C40C972CF70A07F10577C0CCE549
SHA-512:	FA6AE19064268F7E3ADF24578142739E80BF09A2B23F039B1A3E9FA8AFF19D055AD2E3DB5C0758075C4B96D38337DE33E9A5CCD9D04DB3EFBF0CC6C9EEDA14C2
Malicious:	false
Reputation:	low
Preview:	!function(n){"use strict";function t(n,t){var r=(65535&n)+(65535&t);return(n>>16)+(t>>16)+(r>>16)<<16\|65535&r}function r(n,t){return n<<t\|n>>>32-t}function e(n,e,o,u,c,f){return t(r(t(t(e,n),t(u,f)),c),o)}function o(n,t,r,o,u,c,f){return e(t&r\|~t&o,n,t,u,c,f)}function u(n,t,r,o,u,c,f){return e(t&o\|r&~o,n,t,u,c,f)}function c(n,t,r,o,u,c,f){return e(t^r^o,n,t,u,c,f)}function f(n,t,r,o,u,c,f){return e(r^(t\|~o),n,t,u,c,f)}function i(n,r){n[r>>5]\|=128<<r%32,n[14+(r+64>>>9<<4)]=r;var e,i,a,d,h,l=1732584193,g=-271733879,v=-1732584194,m=271733878;for(e=0;e<n.length;e+=16)i=l,a=g,d=v,h=m,g=f(g=f(g=f(g=f(g=c(g=c(g=c(g=c(g=u(g=u(g=u(g=u(g=o(g=o(g=o(g=o(g,v=o(v,m=o(m,l=o(l,g,v,m,n[e],7,-680876936),g,v,n[e+1],12,-389564586),l,g,n[e+2],17,606105819),m,l,n[e+3],22,-1044525330),v=o(v,m=o(m,l=o(l,g,v,m,n[e+4],7,-176418897),g,v,n[e+5],12,1200080426),l,g,n[e+6],17,-1473231341),m,l,n[e+7],22,-45705983),v=o(v,m=o(m,l=o(l,g,v,m,n[e+8],7,1770035416),g,v,n[e+9],12,-1958414417),l,g,n[e+10],17,-42063),m,l,n[e+1

C:\Program Files (x86)\SRTMiniServer\WEB\vue.min.js

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with very long lines (65445), with CRLF line terminators
Category:	dropped
Size (bytes):	86405
Entropy (8bit):	5.2345246771384755
Encrypted:	false
SSDEEP:	1536:YLZlSVs7FGil28bu82QAqKcxqUrY5yVqhAsryo:glMu2WpnKcxhYEVKAsWo
MD5:	3F96EEF2EA71F95E3EF47502FBACA5FF
SHA1:	7595DF905B7B1F59C0575EF9E622F8074F4F3960
SHA-256:	08598E8F5553EDCE0A9E698B040AECC4D22D9D824EF88458A01A11BDF92C7DAE
SHA-512:	9537CE90F01E4B1B2BE6CD33B77CAE86CBF5CC5173E9503406A1FBC5FC101BA8216CF03B91662DE77088722137582B6468089A5243EF07C3096E10555AAE7905
Malicious:	false
Reputation:	low
Preview:	/!.. Vue.js v2.5.8.. * (c) 2014-2017 Evan You.. * Released under the MIT License... */..!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):e.Vue=t()}(this,function(){"use strict";function e(e){return void 0===e\|\|null===e}function t(e){return void 0!==e&&null!==e}function n(e){return!0===e}function r(e){return!1===e}function i(e){return"string"==typeof e\|\|"number"==typeof e\|\|"boolean"==typeof e}function o(e){return null!==e&&"object"==typeof e}function a(e){return"[object Object]"===Si.call(e)}function s(e){return"[object RegExp]"===Si.call(e)}function c(e){var t=parseFloat(String(e));return t>=0&&Math.floor(t)===t&&isFinite(e)}function u(e){return null==e?"":"object"==typeof e?JSON.stringify(e,null,2):String(e)}function l(e){var t=parseFloat(e);return isNaN(t)?e:t}function f(e,t){for(var n=Object.create(null),r=e.split(","),i=0;i<r.length;i++)n[r[i]]=!0;return t?function(e){return n[e.toLowerCase()]}

C:\Program Files (x86)\SRTMiniServer\WinSparkle.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1854976
Entropy (8bit):	6.293225162957466
Encrypted:	false
SSDEEP:	49152:hkrhiW6awi1fLs8mNSB8m7MLVjTUhBFJi35ky:bWY6vx7BJi35k
MD5:	203518EF7EF3379BA08FA64484EBF8BE
SHA1:	4C145C2253759C0EC00EC988D44E742A052D4071
SHA-256:	62A8198984DFECB5E561931B19D4C9079CB9A042CD63D54E8930C2EA7ACE52EE
SHA-512:	D80F7DB9D395A13DE9C26BC40637E2022F874F7EE3C91229D84756D53007C358248C730A70E3410E48595B27F7F23C796D065E2F5184283BA3F958D62944F85C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......b.\W&.2.&.2.&.2.....4.2.......2.....:.2...1...2...7...2...6...2./.....2./...'.2./...1.2.&.3..2...;...2...2.'.2.....'.2.&...$.2...0.'.2.Rich&.2.........................PE..d......Y.........." .........H...............................................@............`......................................... .......$........0.. ....@..X...............<t......T...........................@................................................text... ........................... ..`.rdata...D.......F..................@..@.data....(..........................@....pdata..X....@.......v..............@..@.gfids..<.... .......L..............@..@.rsrc... ....0.......P..............@..@.reloc..<t.......v..................@..B................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\avcodec-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16499712
Entropy (8bit):	6.094485096442523
Encrypted:	false
SSDEEP:	98304:oh9ScxYmjRIuSh7Hw88kgYAZ0QnLvYCP8lwuL21LP/xBC/b+yZ0pJM2fgyWQ3:oh9SjmdYh74hRvalwR//C/JkM2flWQ
MD5:	C51E95E9BBDBF9CA4DA138284C27D4D3
SHA1:	53C24A7B4FC43DE83FF6FC85012DF19D3C703C80
SHA-256:	1A554DC0931D17848E4AD520DD82DA4DC6B8F65E7A1F1C2F3ADEF6311AAF0F32
SHA-512:	F5A737B9C66681A6173FC987D74AA99812533F2E1A0D5C986D6E3D9DB26BDE99E7CD60A7570A3A8E379C30E6C0DCCEFFBCFC23552BC16D1E94FBF935F608A2C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........r\|..r\|..r\|......r\|...y..r\|.>...r\|..,...r\|..,y..r\|..,x..r\|...x..r\|...}..r\|..,}..r\|..r}..s\|..r\|..r\|..,x.8q\|..,\|..r\|..,~..r\|.Rich.r\|.........................PE..d...m..a.........." .....(..........-B....................................... l...........`.........................................Pa...%...}i.x.............d..M............j.....ps..8............................s...............pi..............................text....'.......(.................. ..`.rdata...F<..@...H<..,..............@..@.data.....s..........t..............@....pdata.......d......z..............@..@.idata..`9...pi..:...8..............@..@.gfids........i......r..............@..@_RDATA..i.....i......v..............@..@.00cfg........j......B..............@..@.reloc...~....j......D..............@..B........................................................................................

C:\Program Files (x86)\SRTMiniServer\avcodec.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16499712
Entropy (8bit):	6.094485096442523
Encrypted:	false
SSDEEP:	98304:oh9ScxYmjRIuSh7Hw88kgYAZ0QnLvYCP8lwuL21LP/xBC/b+yZ0pJM2fgyWQ3:oh9SjmdYh74hRvalwR//C/JkM2flWQ
MD5:	C51E95E9BBDBF9CA4DA138284C27D4D3
SHA1:	53C24A7B4FC43DE83FF6FC85012DF19D3C703C80
SHA-256:	1A554DC0931D17848E4AD520DD82DA4DC6B8F65E7A1F1C2F3ADEF6311AAF0F32
SHA-512:	F5A737B9C66681A6173FC987D74AA99812533F2E1A0D5C986D6E3D9DB26BDE99E7CD60A7570A3A8E379C30E6C0DCCEFFBCFC23552BC16D1E94FBF935F608A2C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........r\|..r\|..r\|......r\|...y..r\|.>...r\|..,...r\|..,y..r\|..,x..r\|...x..r\|...}..r\|..,}..r\|..r}..s\|..r\|..r\|..,x.8q\|..,\|..r\|..,~..r\|.Rich.r\|.........................PE..d...m..a.........." .....(..........-B....................................... l...........`.........................................Pa...%...}i.x.............d..M............j.....ps..8............................s...............pi..............................text....'.......(.................. ..`.rdata...F<..@...H<..,..............@..@.data.....s..........t..............@....pdata.......d......z..............@..@.idata..`9...pi..:...8..............@..@.gfids........i......r..............@..@_RDATA..i.....i......v..............@..@.00cfg........j......B..............@..@.reloc...~....j......D..............@..B........................................................................................

C:\Program Files (x86)\SRTMiniServer\avcodec.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	58100
Entropy (8bit):	5.008297750858528
Encrypted:	false
SSDEEP:	768:LdQerEFYpgBTWMhzrQgBfSdDw7zzpQrFpBNIKBzfNwjdeEYgDDnSvDG7V/S1KEWq:LMRQgBfSQEI6zfWnSfQle88D
MD5:	E46E362EFCCA763C15252C2509364ED0
SHA1:	A0826A17B1EC9F663A4200AF02D2FD308DD0D131
SHA-256:	95E4CEC9D247BAEEFBF7C095627680D671837F31611F09352D8360FD211C245F
SHA-512:	9C15AACD2B8C8B4AE8D8E77D4DEF31A36208D7732A63BB2FB305FE2B0C2FDAFA8884F35D785DC03B50D60FE24F4DD8EAC5327E9C8C0E5DC66EE192B1356487B7
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653229 0 14180 `.......oR..q...r...t"..t"..t...t...u...u...u...u...u...u...vv..vv..v...v...wZ..wZ..w...w...x2..x2..x...x...y...y...y...y...y...y...zd..zd..z...z...{H..{H..{...{...\|0..\|0..\|...\|...}...}...}...}...}...}...~j..~j..~...~....\...\...........X...X...........D...D...........8...8........... ... ...................~...~...........p...p...........d...d...........J...J...........:...:...................\|...\|...........h...h...........P...P...........:...:...................................`...`...........<...<...........4...4..........."..."...................................`...`...........<...<...................................n...n...........F...F...........<...<...........2...2...........$...$...................\|...\|...........^...^...........J...J...........<...<...................................................t...t...........f...f...........\...\...........<...<...................................j...j...........J...J....

C:\Program Files (x86)\SRTMiniServer\avdevice-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	766464
Entropy (8bit):	5.86155240126907
Encrypted:	false
SSDEEP:	6144:IVXvwliMJxngToONU3B9FcY0QpdHKnrDueT0fzh71FP/TCWCONzHOv8r4dgkEbw0:FiMJ9iU3BDrkneV3nFHOv8rKgkE8bh
MD5:	64B92D4AD54400169C266EAB0BB76E83
SHA1:	B42C63DBD817FAA437E735A94A3EC038378CFBA5
SHA-256:	BC3AEE9BC7EB1DA65F30E53E20CE912C9680E70D526B8318AD8ABD0BF4B97419
SHA-512:	8B1F22DBF4189DA73047225A8D83857681313C3C1755088223B665D997E3D9A9EAD3AE531AE741C1B109520FD2E56BC55DA509516B6435DAAAEB8EFD9949FA9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... C.N..N..N...M..N...K.D.N.r:...N...M..N...K...N...J...N...J...N...O..N.F.O..N..O.3.N.F.J..N.F.N..N.F.L..N.Rich.N.........................PE..d......a.........." .................D.......................................0............`.............................................d....................P..D[..................0\..8...........................p\...............................................text.............................. ..`.rdata..t2.......4..................@..@.data....4..........................@....pdata...e...P...f..................@..@.idata..A-...........l..............@..@.gfids..............................@..@.00cfg..............................@..@.reloc..............................@..B........................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\avdevice.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	766464
Entropy (8bit):	5.86155240126907
Encrypted:	false
SSDEEP:	6144:IVXvwliMJxngToONU3B9FcY0QpdHKnrDueT0fzh71FP/TCWCONzHOv8r4dgkEbw0:FiMJ9iU3BDrkneV3nFHOv8rKgkE8bh
MD5:	64B92D4AD54400169C266EAB0BB76E83
SHA1:	B42C63DBD817FAA437E735A94A3EC038378CFBA5
SHA-256:	BC3AEE9BC7EB1DA65F30E53E20CE912C9680E70D526B8318AD8ABD0BF4B97419
SHA-512:	8B1F22DBF4189DA73047225A8D83857681313C3C1755088223B665D997E3D9A9EAD3AE531AE741C1B109520FD2E56BC55DA509516B6435DAAAEB8EFD9949FA9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... C.N..N..N...M..N...K.D.N.r:...N...M..N...K...N...J...N...J...N...O..N.F.O..N..O.3.N.F.J..N.F.N..N.F.L..N.Rich.N.........................PE..d......a.........." .................D.......................................0............`.............................................d....................P..D[..................0\..8...........................p\...............................................text.............................. ..`.rdata..t2.......4..................@..@.data....4..........................@....pdata...e...P...f..................@..@.idata..A-...........l..............@..@.gfids..............................@..@.00cfg..............................@..@.reloc..............................@..B........................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\avdevice.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	6336
Entropy (8bit):	4.97017567162833
Encrypted:	false
SSDEEP:	48:nbCUApZJXqiH4/dVk6s+bsHg/PeKKoyAOu2eeKxD3YFeKbx/7/AP56JkYZUFIacl:nbCUA1qbdVkqI5KcKxDvKb5zQMJbZCx6
MD5:	17C2C64C919188122ECD625E960E392D
SHA1:	7665D09B4FD4E998F8FE64E2BE540F4A7227AFC6
SHA-256:	A17E6E146C0D312E58350683A6274ED120F51D0C910C8C3F8E365E95104CE833
SHA-512:	259A6EDE6F7437A77B03BE760DFC5B81782F7D9E50E34359B88AFBB5F920EC3594E695048ACA3D51ED723ADCF5AE2382948E576F322169581005D142EBE2A934
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653301 0 1324 `....)...........V...........0...0...................................................................................\|...\|...........j...j...........\...\...........N...N__IMPORT_DESCRIPTOR_avdevice-58.__NULL_IMPORT_DESCRIPTOR..avdevice-58_NULL_THUNK_DATA.__imp_av_device_capabilities.av_device_capabilities.__imp_av_device_ffversion.av_device_ffversion.__imp_av_fopen_utf8.av_fopen_utf8.__imp_av_input_audio_device_next.av_input_audio_device_next.__imp_av_input_video_device_next.av_input_video_device_next.__imp_av_output_audio_device_next.av_output_audio_device_next.__imp_av_output_video_device_next.av_output_video_device_next.__imp_avdevice_app_to_dev_control_message.avdevice_app_to_dev_control_message.__imp_avdevice_capabilities_create.avdevice_capabilities_create.__imp_avdevice_capabilities_free.avdevice_capabilities_free.__imp_avdevice_configuration.avdevice_configuration.__imp_avdevice_dev_to_app_control_message.avdevi

C:\Program Files (x86)\SRTMiniServer\avfilter-7.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5238784
Entropy (8bit):	5.797359864609232
Encrypted:	false
SSDEEP:	49152:wPWV80ghqa3gC24Y2IAHk/c8hvlBgMtDNeav4NBNjh4jsjFmnWD7gIhaSu6aAP/S:wmRrP2gZDze3BTnI
MD5:	16349AD59F50BD87D680EC80B2F9A62D
SHA1:	C143C1F639A5F760020C910C8ECDC8F6792B387C
SHA-256:	4CC7D312149EE591FD2FA0A5B2BB6C6D9009BF96B26E4FDEB8BFB5719DC35DDF
SHA-512:	B75483218817D57C6DCC567B5A77AF9723DC53B5AF8011DBDEAC58A15A720D98917EFDA5BAD52BECCB7693621A6B619C6E5223C2F9C75B0CECD0D1A34C12AF6D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h~.h~.h~...z..h~...}.h~...{..h~.....h~.6}.h~.6{.h~.6z.h~.'6..h~.h...i~.h~.h~.'6z..i~.'6~.h~.'6\|.h~.Rich.h~.................PE..d......a.........." ......9..<......aJ........................................P...........`.........................................0.K.......N...............L...............O.....p;G.8............................;G...............N..............................text.....9.......9................. ..`.rdata..7....09...... 9.............@..@.data....s...0K.......K.............@....pdata........L.......L.............@..@.idata...<....N..>..."N.............@..@.gfids........O......`N.............@..@_RDATA........O......dN.............@..@.00cfg........O.......O.............@..@.reloc........O...... O.............@..B........................................................................................................

C:\Program Files (x86)\SRTMiniServer\avfilter.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5238784
Entropy (8bit):	5.797359864609232
Encrypted:	false
SSDEEP:	49152:wPWV80ghqa3gC24Y2IAHk/c8hvlBgMtDNeav4NBNjh4jsjFmnWD7gIhaSu6aAP/S:wmRrP2gZDze3BTnI
MD5:	16349AD59F50BD87D680EC80B2F9A62D
SHA1:	C143C1F639A5F760020C910C8ECDC8F6792B387C
SHA-256:	4CC7D312149EE591FD2FA0A5B2BB6C6D9009BF96B26E4FDEB8BFB5719DC35DDF
SHA-512:	B75483218817D57C6DCC567B5A77AF9723DC53B5AF8011DBDEAC58A15A720D98917EFDA5BAD52BECCB7693621A6B619C6E5223C2F9C75B0CECD0D1A34C12AF6D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h~.h~.h~...z..h~...}.h~...{..h~.....h~.6}.h~.6{.h~.6z.h~.'6..h~.h...i~.h~.h~.'6z..i~.'6~.h~.'6\|.h~.Rich.h~.................PE..d......a.........." ......9..<......aJ........................................P...........`.........................................0.K.......N...............L...............O.....p;G.8............................;G...............N..............................text.....9.......9................. ..`.rdata..7....09...... 9.............@..@.data....s...0K.......K.............@....pdata........L.......L.............@..@.idata...<....N..>..."N.............@..@.gfids........O......`N.............@..@_RDATA........O......dN.............@..@.00cfg........O.......O.............@..@.reloc........O...... O.............@..B........................................................................................................

C:\Program Files (x86)\SRTMiniServer\avfilter.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	18062
Entropy (8bit):	4.9900150569814095
Encrypted:	false
SSDEEP:	192:ac0oTFT5V1nNRS2qTSJLoPn+G75uyXT1k+GUJhqpWKpP2KgO+Px+49:ac0oTF/RSf+Zya+ZePzUJD
MD5:	0BE24344F0B26B2D6E4993233ACD47BD
SHA1:	80BE3AC2AD082527BDA94DCD6F176259B50E20BC
SHA-256:	704081D214C16B0F3FD402C5A236B92E47CCFCE482C24351E1A5A5626B66326A
SHA-512:	8A17290FB019BB920D69584D49D44098EC77B45E81D08D77959CD9A036A11052315FF2A00D560C08E521C0C84AAC4B51D6E03CD85EAC956F4784D8B37AC6BE84
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653292 0 4288 `......."...$@..%z..&...&...'V..'V..'...'...(P..(P..(...(...)@..)@..)...)...:..:........+...+...+...+...,2..,2..,...,...-(..-(..-...-.................../.../.../~../~../.../...0l..0l..0...0...1n..1n..1...1...2b..2b..2...2...3H..3H..3...3...42..42..4...4...5...5...5...5...5...5...6p..6p..6...6...7b..7b..7...7...8R..8R..8...8...9@..9@..:..:..9...9...:...:...;...;...;...;...<...<...<...<...=...=...=\|..=\|..=...=...>d..>d..>...>...?J..?J..?...?...@..@..@...@...A...A...A...A...B...B...Bz..Bz..B...B...Cb..Cb..C...C...DP..DP..D...D...E8..E8..E...E...F...F.__IMPORT_DESCRIPTOR_avfilter-7.__NULL_IMPORT_DESCRIPTOR..avfilter-7_NULL_THUNK_DATA.__imp_av_abuffersink_params_alloc.av_abuffersink_params_alloc.__imp_av_buffersink_get_channel_layout.av_buffersink_get_channel_layout.__imp_av_buffersink_get_channels.av_buffersink_get_channels.__imp_av_buffersink_get_format.av_buffersink_get_format.__imp_av_buffersink_get_frame.av_buffe

C:\Program Files (x86)\SRTMiniServer\avformat-58.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3654144
Entropy (8bit):	5.812478515063854
Encrypted:	false
SSDEEP:	49152:JOitYRE+tgqVVdoi7KG/sM9GTjoFC6rkQZBoy2mIYcj13IZS7an0swH+:+E+tgqVUi7KG/sQGn6J2mHf
MD5:	FD344F58FABDB9F27DB2FD817CEB27A5
SHA1:	46C44FC2AB224795A16FC9A597A8542D226AEACB
SHA-256:	2D7EC29897CC15680C99FDDFA5EAA4818D88076B8C19ABE7427D55DFC3FD8EA5
SHA-512:	69F80B5E355F7223D43BB25A50627B9FD2FDAA4DC7BB6EB257F7383203BBE0F22E0A738F13771ABE8549CF0D1900F32E2AEDF935F99A683A94D7C8C6A37D641A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................FAU........................r.........?...r...?...r......r......Rich...................PE..d......a.........." .....`'.........}L.......................................08...........`.........................................pE3. ....C7.x............P5.X.............7..K..../.8...........................P./..............07..............................text....^'......`'................. ..`.rdata.......p'......d'.............@..@.data...Q....`3......T3.............@....pdata.......P5.......5.............@..@.idata...S...07..T....6.............@..@.gfids........7......F7.............@..@.00cfg........7......J7.............@..@.reloc...t....7..v...L7.............@..B................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\avformat.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3654144
Entropy (8bit):	5.812478515063854
Encrypted:	false
SSDEEP:	49152:JOitYRE+tgqVVdoi7KG/sM9GTjoFC6rkQZBoy2mIYcj13IZS7an0swH+:+E+tgqVUi7KG/sQGn6J2mHf
MD5:	FD344F58FABDB9F27DB2FD817CEB27A5
SHA1:	46C44FC2AB224795A16FC9A597A8542D226AEACB
SHA-256:	2D7EC29897CC15680C99FDDFA5EAA4818D88076B8C19ABE7427D55DFC3FD8EA5
SHA-512:	69F80B5E355F7223D43BB25A50627B9FD2FDAA4DC7BB6EB257F7383203BBE0F22E0A738F13771ABE8549CF0D1900F32E2AEDF935F99A683A94D7C8C6A37D641A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................FAU........................r.........?...r...?...r......r......Rich...................PE..d......a.........." .....`'.........}L.......................................08...........`.........................................pE3. ....C7.x............P5.X.............7..K..../.8...........................P./..............07..............................text....^'......`'................. ..`.rdata.......p'......d'.............@..@.data...Q....`3......T3.............@....pdata.......P5.......5.............@..@.idata...S...07..T....6.............@..@.gfids........7......F7.............@..@.00cfg........7......J7.............@..@.reloc...t....7..v...L7.............@..B................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\avformat.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	41278
Entropy (8bit):	5.006751445989004
Encrypted:	false
SSDEEP:	768:0YK+VYrqBkf5uBIaYqkSPW8VrBlGMASKOsE8xYNrY7jt9:0YKhuBI+PWkuy8x/9
MD5:	2F99AEEC722798D348FC5FE33A902A8C
SHA1:	B11DB6D65C4AE194F634C9CB0C04913E75E0DF2C
SHA-256:	5AEF734CCDD507DDBE4A0B9A0C0F8E25EFFE2062BE14CF9679080B4433820010
SHA-512:	D116478619E91DB09B71C66DC44C9A3BA87C2437BB7B75772A33EBAD1C8D30B2EC1BA3A033457C20C17CC8D1C54FFF790BD1FD07A7A7F15D6654D1F4993907E7
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653258 0 9648 `....e..K...N$..O^..P...P...Q4..Q4..Q...Q...R"..R"..R...R...S...S...Sv..Sv..S...S...TZ..TZ..T...T...UB..UB..U...U...V4..V4..V...V...W&..W&..W...W...X...X...X...X...Y...Y...Y...Y...Z...Z...Z...Z...[...[...[z..[z..[...[...\r..\r..\...\...]n..]n..]...]...^j..^j..^...^..._j.._j.._..._...`V..`V..`...`...aN..aN..a...a...b<..b<..b...b...c"..c"..c...c...d...d...dv..dv..d...d...e`..e`..e...e...f@..f@..f...f...g6..g6..g...g...h(..h(..h...h...i...i...i...i...iz..iz..jZ..jZ..j...j...kH..kH..k...k...l6..l6..l...l...m..m..m...m...n...n...nt..nt..n...n...o^..o^..o...o...pF..pF..p...p...q,..q,..q...q...r ..r ..r...r...s...s...s...s...t...t...t...t...u...u...u...u...v...v...v\|..v\|..v...v...wf..wf..w...w...x\..x\..x...x...yR..yR..y...y...zD..zD..z...z...{..{..{...{...\|...\|...\|...\|...}...}...}...}...~...~...~z..~z..~...~....r...r...........\...\...........F...F...........<...<...........<...<...................................j...j....

C:\Program Files (x86)\SRTMiniServer\avutil-56.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1519104
Entropy (8bit):	5.915092115142045
Encrypted:	false
SSDEEP:	24576:lBZ6ZbAN9x7HblmLHEVgK8GeYmPBSGePW:lzqbA9x770LkWK8GoPBSG
MD5:	74F6769953D29A4E27CB20F56D138794
SHA1:	7C5C3E5A8BE913B9A6B31674FDDFBDFBE40A7F6D
SHA-256:	3A57E12FF2B3F2EC80EDD55BB356AB86221DEEEA7902DE892C329FAB789BD041
SHA-512:	329C1AFFB7228B534DDAC2DE97FBABCE8DBA9AF140397D6B9B0C2522787B68A664CA983EA0E8EF2ADD26695FD619268402F3B71200B4FE9DABA99652648720DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Va..7.A.7.A.7.A.S.@.7.A.S.@.7.A.S.@.7.A;..A.7.A.i.@.7.A.i.@.7.A.i.@.7.A.S.@.7.A.7.A.7.A.7.A.7.A.i.@.7.A.i.@.7.A.i.@.7.ARich.7.A........................PE..d...^..a.........." .....~...R-......R....................................... ?...........`.........................................p...$M....>.P.............=...............>..... ...8...........................`.................>..............................text...M\|.......~.................. ..`.rdata...r.......t..................@..@.data...Y.'.........................@....pdata.......=.....................@..@.idata........>.....................@..@.gfids........>.....................@..@_RDATA........>.....................@..@.00cfg........>.....................@..@.reloc...<....>..>..................@..B................................................................................................

C:\Program Files (x86)\SRTMiniServer\avutil.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1519104
Entropy (8bit):	5.915092115142045
Encrypted:	false
SSDEEP:	24576:lBZ6ZbAN9x7HblmLHEVgK8GeYmPBSGePW:lzqbA9x770LkWK8GoPBSG
MD5:	74F6769953D29A4E27CB20F56D138794
SHA1:	7C5C3E5A8BE913B9A6B31674FDDFBDFBE40A7F6D
SHA-256:	3A57E12FF2B3F2EC80EDD55BB356AB86221DEEEA7902DE892C329FAB789BD041
SHA-512:	329C1AFFB7228B534DDAC2DE97FBABCE8DBA9AF140397D6B9B0C2522787B68A664CA983EA0E8EF2ADD26695FD619268402F3B71200B4FE9DABA99652648720DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Va..7.A.7.A.7.A.S.@.7.A.S.@.7.A.S.@.7.A;..A.7.A.i.@.7.A.i.@.7.A.i.@.7.A.S.@.7.A.7.A.7.A.7.A.7.A.i.@.7.A.i.@.7.A.i.@.7.ARich.7.A........................PE..d...^..a.........." .....~...R-......R....................................... ?...........`.........................................p...$M....>.P.............=...............>..... ...8...........................`.................>..............................text...M\|.......~.................. ..`.rdata...r.......t..................@..@.data...Y.'.........................@....pdata.......=.....................@..@.idata........>.....................@..@.gfids........>.....................@..@_RDATA........>.....................@..@.00cfg........>.....................@..@.reloc...<....>..>..................@..B................................................................................................

C:\Program Files (x86)\SRTMiniServer\avutil.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	122452
Entropy (8bit):	5.075210096218731
Encrypted:	false
SSDEEP:	3072:g4AgI+cRGmPzD7440fmSxPWajioXbTjr653Z:g4AvGmPzD74hmSx3jioX653Z
MD5:	A5BA76A581C351E3060E8412D27A0644
SHA1:	41629B3572F3D1D844E55A3E45B36EE6CBAD8A00
SHA-256:	114547F0052CDAC2D443EF83D1B6FBFD894057F525C1B515BCACF9332DEBB1FA
SHA-512:	5A292319683C472A91074B8F3D43CB3D2A59D9F56B7CB23D7B7A4498995131E15A9F5182D849D62B8D8EF82761D450A266004606E9725DAC770A9C556341540B
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653214 0 29172 `....Q...r..........:...:.................v...v...........R...R...............................\|...\|...........`...`...........F...F.........(...(.................t...t...........T...T...........8...8.................................v...v...........Z...Z...........<...<...................................j...j...........D...D...........0...0...................\|...\|...........b...b...........H...H...........$...$...................r...r...........\...\...........F...F...........<...<........... ... ...................x...x...........T...T.................................z...z...........X...X...........4...4...................................~...~...........b...b...........P...P...........:...:...........&...&...................v...v...........~...~...........Z...Z...........0...0...................h...h...........R...R.................................j...j...........B...B...................................j

C:\Program Files (x86)\SRTMiniServer\bearer\qgenericbearer.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	53368
Entropy (8bit):	5.970742008855059
Encrypted:	false
SSDEEP:	768:aYmAvGHIfpfsBYgfFOINotxX8hNKdxdpgqycW/Ru5wyB1m0Tx9fygp69XbVmzR:kHCUNOqoghNKdx/gqycW/EBd96gGXbQ1
MD5:	CC919B21CE13287DD11AFFFF24F6DB6D
SHA1:	D41F80E2C56A357EE8742C8FBDFD290407130E7E
SHA-256:	023B1A28897817FE9AECA65882997D3F72337BE6FBE3FD1FF4FBF264AE4C5F98
SHA-512:	C250A3296D4B742A8392D75430090D3ACA882561040A3BF67BD390F4D2C3CB2417E45A8B0BDBA13F7349A2F098DAD30AB53FF11DD34F4E4A6DE3D13A893DE4F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9..?}..l}..l}..lt..ly..l..m...l..m~..l..ml..l..mw..l..my..l..mx..l}..l..l..m{..l..m\|..l..{l\|..l..m\|..lRich}..l........................PE..d...9..].........." .....T...h......0X..............................................n.....`.............................................\|...............P.......P.......x.......p.......T.......................(... ................p...............................text....R.......T.................. ..`.rdata...F...p...H...X..............@..@.data...............................@....pdata..P...........................@..@.qtmetadj...........................@..P.rsrc...P...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\crashrpt_lang.ini

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8214
Entropy (8bit):	3.46410018464503
Encrypted:	false
SSDEEP:	96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
MD5:	771DA39B527E886A247A0C0A33FFB715
SHA1:	CB762ABE50294A08A7823C246E02CD9347555B49
SHA-256:	763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
SHA-512:	628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.s. .s.t.o.p.p.e.d. .w.o.r.k.i.n.g.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.o.r.d.s. .w.h.a.t. .y.o.u. .w.e.r.e. .d.o.i.n.g. .w.h.e.n. .t.h.e. .e.r.

C:\Program Files (x86)\SRTMiniServer\dbghelp.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1256080
Entropy (8bit):	6.309251228019489
Encrypted:	false
SSDEEP:	12288:6llxriy6xVDK69gTNYS0zmJGB6cHRecworIMHr5QpUPmhETVo2Qm9H3RgQHRhLrs:Ivi/DK69YNYSIWcHY9GZDJ3G6RhLzy3
MD5:	DEE832103585EE41BD7F1A905F0726F7
SHA1:	74D43E48CF87C48168A65159C308BB67CF691012
SHA-256:	3AB019BD41C6F30D4250F26B40E695021698D7909D538E2F9B8AEAB73BB7B8AA
SHA-512:	7F55444A953B95A179F0C80DDC102BF26ED2B1C60BF5BCE7BAFACAB20AB5DA3F0CE35B0AFB49888C12AFA89F9B14F469E9D23708DD96E1111BE654B6D967ECCB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.e.1...1...1...............0.......=...1...........6.......".......p.......0.......e....#u.........0.......0...Rich1...................PE..L......S...........!......................................................................@.........................p...s......P........................<..........`............................... ...@.......................@....................text............................... ..`.data............H..................@....idata..b...........................@..@.rsrc................&..............@..@.reloc..............0..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\iconengines\qsvgicon.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41080
Entropy (8bit):	6.096989444680318
Encrypted:	false
SSDEEP:	768:XyK9XT0p6fg+mtWEFGjLpsSul7z3Z4UamzAU:XjF0pUgFtWEMjLps1l7z3Z4GEU
MD5:	372721E063CCC13AC8A273556933AC94
SHA1:	4C0F3231CF684F6569D2701CBDD38196701AF728
SHA-256:	218ED2C3C6A251983CDBD3D333982BFC48E601C5F6E43717C6AA92EB37FC48B4
SHA-512:	BF45A9D64518767B00966429911DF076D922A8C8D79278ED9976221A054A37A157AA5ED76018F64004D7EF1992155F0E03E9A318B2172C64C2858B4B7052A45F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l\...2...2...2..u....2..o3...2..o3...2..o1...2..o7...2..o6...2..n3...2...3.U.2..n7...2..n2...2..n...2..n0...2.Rich..2.........................PE..d...%..].........." .....B...F......LH....................................................`.........................................pw..x....w..........H.......4.......x...........`h..T....................i..(....h...............`...............................text...9A.......B.................. ..`.rdata...3...`...4...F..............@..@.data................z..............@....pdata..4............\|..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qgif.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37496
Entropy (8bit):	6.049886753919195
Encrypted:	false
SSDEEP:	384:3IqlSGr/3oMtlWYfyn4CL6VO41uv3JqlsRTVh9+pnHU+Z5Ol5fp/EhLKnfePPLTm:dfoM24E6J7suU+Lmf2h2mzXK
MD5:	F824AEB1027BD965ED3EF984BD4664FA
SHA1:	5B79D33F17365A97EFFA2647E8255097D1B353DD
SHA-256:	95D2C7EA857D9583E0E45EDE9C27EE2D8B2B9A8C7818A81BC5437AED3865AC73
SHA-512:	75C82151D2AC88A659BD9967DFD7898874D9325AA34D879C170A9FAEE3CA08AC9AB654903825B9FBC6B265C280EB11851781A034F542E99EAFFDF1D10514064B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.l............................q...........................................m...................................Rich............PE..d......].........." .....>...B.......C....................................................`..........................................f..t....f..........@.......p....\|..x...........0W..T....................X..(....W...............P...............................text....=.......>.................. ..`.rdata...(...P...*...B..............@..@.data...X............l..............@....pdata..p............n..............@..@.qtmetads............t..............@..P.rsrc...@............v..............@..@.reloc...............z..............@..B........................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qicns.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	46712
Entropy (8bit):	6.0948625087007775
Encrypted:	false
SSDEEP:	768:hZYxOAlvD6THTF7lcmSXtH40ZLRDETh/o6OKFrJeFum0mz7:zhAxuTHZBg40zETh/aKFrJeFumVP
MD5:	BF3D5494A1E9AAB786DDD4164B7688A5
SHA1:	240D293978D988B45B7D096D08937A27BC833754
SHA-256:	E9A2D8530BB3CB93AAE1DEC31D1CE5B4388698D338B2E6EFC78E5A22AA32F1BC
SHA-512:	8A0AE5BF5AF06C43BCD77E7D8652753D651BF372742B87D2BEF2799386FEA1AA573B9630F8BD0C1A9C677793DC7A77A807E4EC1A1295B6633FEDA7E68BDD33D8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........r=.Y.S.Y.S.Y.S.Pk.._.S..qR.[.S.*qR.[.S..qP.[.S..qV.K.S..qW.Q.S..pR.\.S.Y.R...S..pV.[.S..pS.X.S..p..X.S..pQ.X.S.RichY.S.........PE..d......].........." .....L...R.......R....................................................`.........................................@~..t....~..........@...............x............m..T...................Xn..(...`m...............`...............................text....K.......L.................. ..`.rdata..b7...`...8...P..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qico.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38008
Entropy (8bit):	5.971768661665538
Encrypted:	false
SSDEEP:	384:DHzaGIzlL7z2xCCwEwi1qXutba0OcUdhr41M1K18nSqHwv4zPI4il9y+bsCnfePY:DTaBjWwyT8ZnSqQv+PI9y+bsCmzyn
MD5:	7B9897AD3B8FD4B0A30A63A5D9069133
SHA1:	18683135B910D29A70711E92EF95FE20D717DD19
SHA-256:	4CDB55A9B8EC00FB0EC01E4C11E7EDA9DCFCAF4CFCC491B4A902ACE09BEA8A9F
SHA-512:	0E0FDE18DE2E7688A6AC9DE99B31E044933E8D26968F678BBF2B8C18B81E3C4ACE8175476CFB7AB940FE05960E80916905AE036811C92768AA424F0EB64F5E24
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9".\}Cd.}Cd.}Cd.t;..yCd..!e..Cd..!e..Cd..!g.~Cd..!a.iCd..!`.wCd.. e.xCd.}Ce..Cd.. a.~Cd.. d.\|Cd.. ..\|Cd.. f.\|Cd.Rich}Cd.................PE..d......].........." .....8...H.......<..............................................,.....`..........................................g..t....h..........@............~..x........... X..T...................xY..(....X...............P..H............................text....6.......8.................. ..`.rdata..P/...P...0...<..............@..@.data................l..............@....pdata...............p..............@..@.qtmetad.............v..............@..P.rsrc...@............x..............@..@.reloc...............\|..............@..B................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qjpeg.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	403064
Entropy (8bit):	5.687936176386248
Encrypted:	false
SSDEEP:	6144:imsJ0PtIqeDh6jyQ4t2XieW2ZSCWbvzZXcTVbH5mJXPCV1je0TfZF:imt1fXj4lpCnDZF
MD5:	D7C537066C088459B29E1BD1BF4E9C89
SHA1:	5E6CC70FF1F8AC6245A96FB47B7F28EF12C956A2
SHA-256:	8C57EA7524A4788D5DEB5C3B9ECA9EB0E3DB0D7D3FA689A4A11ABF50271FA2CA
SHA-512:	26F72C81AEE129202991A96FDE4A57C09AC9E588A2E040E28DCBF3CD9821C948812800127BBE160952E55CA05A8FFC6D3BDF6DDA4F492708BCF98E764903695C
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......xU.<4..<4..<4..5L..64...V..>4..OV..>4..O.=4...V..?4...V..(4...V..64...W..94..<4..4...W...4...W..?4...W..=4...Ww.=4...W..=4..Rich<4..........................PE..d...Q..].........." .................%.......................................p.......N....`.........................................P...t............P..@.......T!......x....`.........T...................H...(...P................0...............................text...)........................... ..`.rdata.......0......."..............@..@.data...X...........................@....pdata..T!......."..................@..@.qtmetad.....@......................@..P.rsrc...@....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qsvg.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31352
Entropy (8bit):	5.931721950860058
Encrypted:	false
SSDEEP:	384:SZw4dpXca9ilSrS9OmUj2NoLHP2JaXjCGI4bzFXgfrhuw72TN6nfePPLTTjczq:CRZO9N+QNsXjCIFwfcwKT0mz1
MD5:	3927023C462C2B7A0DEAE2795685FDCC
SHA1:	8138BF193CAF4D290DD49CC2D1A8A0B4ACCB4C1E
SHA-256:	D14841D9EC61F0D972A06EC5E71B80138205B2474AC03EC0918E15743454BF74
SHA-512:	64F281E5FAE5118655B4A3D0048EC2EEE15660A5BEBEABA38B7BA7865F17E566D013ECC5B39350906CB7803100345C249FA9FD0272C89FB4D3BE51C00F178817
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......tu..0.i.0.i.0.i.9l..4.i..vh.2.i.Cvh.2.i..vj.3.i..vl.".i..vm.:.i..wh.7.i.0.h..i..wl.2.i..wi.1.i..w..1.i..wk.1.i.Rich0.i.........................PE..d...#..].........." .....&...B......@...............................................;....`.........................................`T..t....T..........@............d..x............G..T....................I..(... H...............@.. ............................text....$.......&.................. ..`.rdata......@...,...*..............@..@.data...X....p.......V..............@....pdata...............X..............@..@.qtmetad.............\..............@..P.rsrc...@............^..............@..@.reloc...............b..............@..B........................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qtga.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30840
Entropy (8bit):	5.823352142084011
Encrypted:	false
SSDEEP:	384:uZJkWvS28DC3K/SsvTlKFSJ87MEUwTilbFzxrP5nfePPLTTjqh:uoqMS4lPJAMEUwkF9rxmzOh
MD5:	7C3E347A3E8FC0B991B36A2B1CFBCF03
SHA1:	8F27CCE3FCC9F7E2D5BA4F36D6D164DCD954866E
SHA-256:	87279DC013BFACB085F311A1108E8A04B96B1E3D83D5C199098473453CE5273F
SHA-512:	4F3FA11221BFBA074A5230BFEBFA0C8189A2B337EE7162861DFD5C69AB18FC98962A321533EC5AD4C8B3302F18F18DD92F76CBE16C5C813B8F0E5DDFB972E113
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b................8............8......8......8..........................................Rich...........................PE..d......].........." .....$...@......()...............................................#....`.........................................@W..t....W..........@............b..x............H..T...................(J..(...0I...............@..H............................text....#.......$.................. ..`.rdata..((...@......(..............@..@.data........p.......R..............@....pdata...............V..............@..@.qtmetadu............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qtiff.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	385656
Entropy (8bit):	5.705852521717556
Encrypted:	false
SSDEEP:	6144:LeWiCkxDp7EEEEEEIanPIHSo7rNQOpPjd3MiMOPwMtY:6Wi1x3nAyoldFY
MD5:	2B4A9C304167635107DB24BDA6824DFA
SHA1:	C80D6FCA943B42660AEEC41FCBBD4F6CDD877CD3
SHA-256:	4F116CD865107B0605A9BB8193E9A24B8B5EC00E76AE959FFCB1E91D490D911D
SHA-512:	DF2115C3E5591DA1E9297FB4051F73788124863C855192C809F33FCE3181802EB1793F25556CC529561B9219B8EAC251AF321446A2468D4108556C4FD7213B24
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0.0.ti^.ti^.ti^.}..di^..._.vi^..._.vi^...].pi^...[.`i^...Z.~i^..._.qi^.ti_..i^...[.vi^...Z.Wi^...^.ui^.....ui^...\.ui^.Richti^.........................PE..d......].........." ................@........................................ ............`.........................................`...t..............@.......x'......x.......$...@T..T....................U..(....T...............0...............................text............................... ..`.rdata...w...0...x..................@..@.data...X...........................@....pdata..x'.......(..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..$...........................@..B................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qwbmp.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	29304
Entropy (8bit):	5.963247593605271
Encrypted:	false
SSDEEP:	384:YNbvUPgr1FnxLMiECSFC8E2Dav9EuwO4/E9JHsnfePPLTTjZ:u1XMQoE2GvpwOAE9JMmzd
MD5:	432CAA14CE03C85F3E23CF4FD53A2221
SHA1:	9FCE139500EE4FAB629437E926639F7047A23098
SHA-256:	9C0BBEB17903374DC282FB65EB85EC42F522A7941E1B76BEACF7FB24F76F0718
SHA-512:	F860ADAEDB8704694BE05E38F3727888FB9C3F73F6DE8A05DF9F7D79891F48012783DC2A1F3C69F22167A048777C53ABA9BD438BACABAC6A26741C90D377A58C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................i.....G...............G.......G.......G.......U...............U.......U.......U.......U.......Rich....................PE..d......].........." ....."...8.......)....................................................`..........................................T..t....T..........@............\..x............F..T...................(H..(...0G...............@..p............................text....!.......".................. ..`.rdata..R&...@...(...&..............@..@.data........p.......N..............@....pdata...............P..............@..@.qtmetad~............T..............@..P.rsrc...@............V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\imageformats\qwebp.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	497784
Entropy (8bit):	6.63454110478341
Encrypted:	false
SSDEEP:	12288:e5BavMOQwH9T9NRibx3hXMSJi9EAM7VEGN:e54lQwHF97iASJmiVEGN
MD5:	CB1394843BC3E40980309DFE51E32699
SHA1:	E9B255A701B5A85C32530734743EE2109E986415
SHA-256:	9D6AAC5B1978CEC9F88C67CC1013DF28A614E2A7DD954E7C1B9E89E7DAF72EF5
SHA-512:	7F192BF436E5D5C5371D66B256EBC641ECBDFAE1802ABFF5AD8CEE45562EB1BABD00AA1F40CE85FC6ED5911CA4EA7260610E7FECAB69E108001B3908DEAFDF6B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................../..."............"......"...."....0..............0......0....0......0.C.....0......Rich....................PE..d......].........." .....................................................................`..........................................-..t...D...........@........F......x...........p...T......................(......................0............................text............................... ..`.rdata..~s.......t..................@..@.data...X(...P.......,..............@....pdata...F.......H...0..............@..@.qtmetadv............x..............@..P_RDATA.. ............z..............@..@.rsrc...@............\|..............@..@.reloc..............................@..B................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\libcrypto-1_1-x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3386880
Entropy (8bit):	6.106149657127588
Encrypted:	false
SSDEEP:	49152:RVwASOOrIU6imtGtlqE2qROh5PETRKAv0LOB8p2AVU+DjM+SGDu23QvyPLtU8TsK:YE+hBc2AL3QvgtU8I1CPwDv3uFZj
MD5:	AD4B3F36B744D0A207AA7D085B43DC73
SHA1:	AB6AF88B8B05F3BB06DB37C30D6883C4BE6A6176
SHA-256:	F7A5F80B147505DB82C1334DC9C7ADF2C3D01871C8761EC194CE66058C394021
SHA-512:	706351749E2AFAC99B42C5254D23386D454FAC02D22AAAC14828509F2DED48CE966DBE19777F6572C87546205494E73E6AA4F5AEA4B065BA659356486566D7C7
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\|.......................................................0.........9......9......9......9......Rich....................PE..d.....x].........." .....H$.........\|p.......................................P4...........`.........................................0....f....3.,.....3.\|.....1...............3..O...V,.8............................W,...............3..............................text....G$......H$................. ..`.rdata.......`$......L$.............@..@.data...!x...@1....."1.............@....pdata.......1......L1.............@..@.idata..t"....3..$....3.............@..@.00cfg........3......3.............@..@.rsrc...\|.....3......,3.............@..@.reloc..:x....3..z...43.............@..B........................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\libcrypto-3-x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6082048
Entropy (8bit):	6.074931160218059
Encrypted:	false
SSDEEP:	98304:FS3+51x/3rGbVsk9NJUIyAaPGT1CPwDvt3uF+DCv:WaP/3rGbqk9NJNyAauT1CPwDvt3uF+DC
MD5:	186DE3986331CB46A04DBF1792DC0D56
SHA1:	9D3D140C0B135A55D55F508987D93EB3EEE877DB
SHA-256:	CF989E237037B224B7CCB74E1692AA09C5B14933D6E8EB2B83282E847FC0FE8B
SHA-512:	2827F3AF041EC06B2285DE4E73107FAADB365E044D4EB3EA367029A28BB99830721A55CB3023FD3DF3E0E95B88568D60137C0B7FC2CE9DDF4835B64D1817F05D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............cD..cD..cD...D..cD..bE..cD..fE..cD..gE..cD..`E..cD..bE..cD..bD..cD..cD..cDe.gE.cDe.cE..cDe.D..cDe.aE..cDRich..cD................PE..d...yl.d.........." ......D..L......X........................................`]...........`...........................................U.....P;\.,....p\.s....PY...............\.....<.Q.8.............................Q.8............0\.P............................text.....D.......D................. ..`.rdata........D.......D.............@..@.data........X..V....X.............@....pdata..D....PY.......X.............@..@.idata...$...0\..&....[.............@..@.00cfg..Q....`\.......[.............@..@.rsrc...s....p\.......[.............@..@.reloc........\.......[.............@..B........................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\libssl-1_1-x64.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	679424
Entropy (8bit):	5.494341821507123
Encrypted:	false
SSDEEP:	12288:nLCEaLwMwJdNim7tMcDmyUsF7Drpxkn8h4OnzQ4dwhv9W0RCYAuU2lvz:Klbm7tMD0Ik4c+n0luU2lvz
MD5:	3BA81469C395C1646E5B0A0B2B8F8DFF
SHA1:	A9361C1C9E0D8442875A47A82E56F7C73E84F80A
SHA-256:	F50F7D8F2308EB8BE4B40126631E8724AECAD7540A968D8C6131BB32363A0A2F
SHA-512:	52578EE87C653DFD819020514BDA08CB45332C7B675100DDBAD4765FD5E02FA5F433757F931EB8D7A7FAA64F978B28919C379B2449DE9B7410FFE74FF76B0EEE
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8<..YRT.YRT.YRT.!.T.YRT.1SU.YRT.?SU.YRT.1WU.YRT.1VU.YRT.1QU.YRTf0SU.YRT.YST.XRTf0VU.YRTf0RU.YRTf0.T.YRTf0PU.YRTRich.YRT................PE..d.....x].........." ..... ...D.......$....................................................`.........................................P....N...%..........s........K..............D... ...8...........................`................................................text...7........ .................. ..`.rdata..^#...0...$...$..............@..@.data...1M...`...D...H..............@....pdata...S.......T..................@..@.idata..wV.......X..................@..@.00cfg.......p.......8..............@..@.rsrc...s............:..............@..@.reloc..!............B..............@..B........................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\msvcp120.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	660128
Entropy (8bit):	6.339798513733826
Encrypted:	false
SSDEEP:	12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
MD5:	46060C35F697281BC5E7337AEE3722B1
SHA1:	D0164C041707F297A73ABB9EA854111953E99CF1
SHA-256:	2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
SHA-512:	2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	641696
Entropy (8bit):	6.344280759303537
Encrypted:	false
SSDEEP:	12288:+/AqzeYd5jcj712LobwFYz0U3lVQEKZm+jWodEEVncj:8x4rYYzr3jQEKZm+jWodEEVu
MD5:	D396985225D85CAA7D743D67C7DA6316
SHA1:	915D5829ED02171684C2A9E8B3B57F7A35BC1E2C
SHA-256:	BE2EF4F6D540D0AC5FDDD556DCB6BFAF6CB6288679E4D64882D625FF35F173AA
SHA-512:	D7B0DF2865BF491C9CAF34CBABEFB7B7F04B35B85276A59FEF0499D02B09651D8F6D0DB9E87DF4A9A1417F07784A8E5625E9805BC434B87D64E442AB98E24075
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,<.h]..h]..h]....D.j]..a%8.p]...?..k]..h]...]...?..l]...?..c]...?..~]...?...]...?..i]...?T.i]...?..i]..Richh]..........PE..d....8'Y.........." ......................................................................`A.........................................;..h.......,............p..`B.......>..............8...........................P@............... .......7..@....................text............................... ..`.rdata....... ......................@..@.data...T9...0......................@....pdata..`B...p...D...6..............@..@.didat..h............z..............@....rsrc................\|..............@..@.reloc..............................@..B................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\msvcr120.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	963232
Entropy (8bit):	6.634408584960502
Encrypted:	false
SSDEEP:	24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
MD5:	9C861C079DD81762B6C54E37597B7712
SHA1:	62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
SHA-256:	AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
SHA-512:	3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\msvcrt.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	634880
Entropy (8bit):	6.529698884144268
Encrypted:	false
SSDEEP:	12288:QpC1XhsbQfIiZ3f5Lzf1wUEyUQAmVyK6EOaA0OONRQ:QpCZhsboIiZ3x/dcQAmVyK3OaA0O+Q
MD5:	C391FC68282A000CDF953F8B6B55D2EF
SHA1:	964EE2D28DC71210982F72E567DF89F9F527B67B
SHA-256:	1CB0DAB84545D9FDEA5A7865A1E7132CEAC91DECF8B100285B63098D7B09E584
SHA-512:	E324197FF69C92307F86A21B2DDAAE5F9AC699F3B234C09FA4DAFEE3757B0C716577DB1D62CA23180DC34D7899686D32C52C072A0D01B29DD91DD01744506CD2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\.H..............b.5.............d.......r......c.......u.......e.......`.....Rich....................PE..d...?..N.........." .........,...... .........ju.....................................p....@.............................................j..D................p..d\......................8............................................................................text............................... ..`.rdata..Lj.......l..................@..@.data....V.......N..................@....pdata..d\...p...^...H..............@..@.rsrc...............................@..@.reloc..............................@..B...N.......N.......N.......N.......N@......Na......N.......N.......N.......N.......N.......N.......N6......N_......N.......N.......N.......N.......N.......N.......N.......NA......Nc......N.......N.......N.......N............KERNELBASE.dll.ntdll.dll.API-MS-Win-Core

C:\Program Files (x86)\SRTMiniServer\platforms\qwindows.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1472632
Entropy (8bit):	6.5842021372576465
Encrypted:	false
SSDEEP:	24576:66YD7Po3twR8Git2eZalxSsF1fAPLuEZLBwZC:lYPPo3CRotmlxSsQPLutC
MD5:	3A34B0C4DD44D136ABB060349B13C7E2
SHA1:	E50F9B33FF3D53D2CECD973D578EAEB66AAD51C1
SHA-256:	2D30922B432D1678F3B9D9D0551DB09C72F572B113B3254D590745FCE4A33B81
SHA-512:	B4C9AE73194C2F8A1CC49DAB9CDEFB8D289D3A871333914EF4D8156FC08ADF6DFA02E12A191C8284A5517AA769D63D7D347C71AEC61B632C7EB0DC9FCEC18F4D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v..s%..s%..s%...%..s%.F.%..s%D.p$..s%D.v$..s%D.w$..s%D.r$..s%V.r$..s%V.w$..s%.u$..s%.r$..s%..r%;.s%V.v$..s%V.s$..s%V..%..s%V.q$..s%Rich..s%........PE..d...w..].........." .................................................................z....`.............................................@...............H.......P....b..x...........0X..T....................Y..(....X...............0...4...........................text............................... ..`.rdata..F....0......."..............@..@.data....z...@...0...&..............@....pdata..P............V..............@..@.qtmetad.............@..............@..P.rsrc...H............B..............@..@.reloc...............F..............@..B................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\post_install.cmd

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.631720174113214
Encrypted:	false
SSDEEP:	3:6xQkcFAJxYA3X6XdFJLLJNYHAGBhoM7Z4AawuxAWFoDMOu7vn:6IsxYYX6NzLYHMmZ43LxAWFTOu7v
MD5:	E8294E3F4DE0A4CA79232E22F7AC19EF
SHA1:	5F10D1A2B92E1294D6108BBD702E105931E69553
SHA-256:	EA21F57E28ABBD9046A0EF5481ED077032695ECA7988D860A75A308EA1B39F34
SHA-512:	22107C2AF1D06C549D0AD2A50B612C1F86AAEF5AA8C33EEEACAD9FD0D8FEC74CE7FD15A46EC7E129A1698D13570B3A3B68D0872C9E63274AFDF32DA99CBB0494
Malicious:	false
Reputation:	low
Preview:	netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="%cd%\SRTMiniServer.exe" enable=yes profile=public,private....

C:\Program Files (x86)\SRTMiniServer\preview.exe

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	77952
Entropy (8bit):	6.024118423938727
Encrypted:	false
SSDEEP:	1536:K1pprYlIrgQElEBkaTlHgIBdq1A63fQa67ukWdLnSbdR4iDGz:ODYl8gQQEBka9JBIh3fQa67ukWdLnCda
MD5:	52B9DA6126C1F2BACEF41F0DEBAFFF1F
SHA1:	C2A6C383B226F423D1E3A6FD8B151785F989CEB0
SHA-256:	9EF3047FD2C6D265796826BDC9F2F12634BB2FF771637DB9BA90B05AD39B5543
SHA-512:	746457CFA9538D5CEF368CB62D331150AFEFEAC47527AFBFB6E667C41A399678E0CA808A239348C986851B7FFB7F07AA5720615378A0428DF9B20E2A71E1001C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ou............lW....Ya.....Ya.....Ya....Ya....P\|.....w......w.......Y..Y\|......a......a....Rich...................PE..d.....\|e.........."......R...........O.........@.............................P............`.................................................0...@............0...........(...@..@.......................................8............p...............................text...\|P.......R.................. ..`.rdata.......p.......V..............@..@.data...p.... ......................@....pdata.......0......................@..@.reloc..@....@......................@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\preview.exe.manifest

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30761
Entropy (8bit):	5.519495101310609
Encrypted:	false
SSDEEP:	384:OXgPzDHtlM8M2/MD3yXfTBEt87etgXaW8ssvE1cGB0kPE1jyydPTYH0cSaSuiHNC:ZtMr6yb/6pM1jyyxYJSuitC
MD5:	C4150E31D589604C6ABD0F1359637007
SHA1:	182380BA6AFD2D39FE4504BE4A1F7834820FD06B
SHA-256:	EC985BF8231448EB9272112BC25929A1C4A0E1041D6B6C200732F5F20E246FC5
SHA-512:	164C7A5BA53BB01DD2C8209D372C34B5A853B72E5D5B8952F3825EB4C8C3F24F0D16849C4DEDA81851846AEF35C9ECE3E4947F55AA1FCAA1ED1BD580C9AB254A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">.. <file name="DLLs\Medialooks.Codecs.Core.x64.dll">.. <comClass clsid="{96EB1C14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitter Class" threadingModel="free"/>.. <comClass clsid="{96EB1C64-4CC0-4830-9CC3-F064196B2626}" description="MFDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1C74-4CC0-4830-9CC3-F064196B2626}" description="MFMuxer Class" threadingModel="free"/>.. <comClass clsid="{96EB1C94-4CC0-4830-9CC3-F064196B2626}" description="MFEncoder Class" threadingModel="free"/>.. </file>.. <file name="DLLs\Medialooks.Codecs.FFM.x64.dll">.. <comClass clsid="{9285699B-E779-4B2E-92CA-26DDEE01AA2A}" description="MFCaptionsDecoder Class" threadingModel="free"/>.. <comClass clsid="{96EB1F14-4CC0-4830-9CC3-F064196B2626}" description="MFSplitterFFM Class" threadin

C:\Program Files (x86)\SRTMiniServer\sqldrivers\qsqlite.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1170552
Entropy (8bit):	6.5303767382369635
Encrypted:	false
SSDEEP:	24576:K9woPtryUrkN4MX2QG5Vlu2AaHraZOCU4TQJvVV71WERqlHD:K9lPVyUrk+bVl18UvVV7MHlHD
MD5:	D0601C559C2907E0F39E64FD7DA2B7D6
SHA1:	8355271577375E626C46352D7057383FF6319432
SHA-256:	6F3C1C04A184E4DCC11CA0F33D866DCF4DC7E1F841D9D70F7D0D71DDB5F8775F
SHA-512:	B712A1B107661C2F05B257DCB54CD18E3E10D0F342E21EEE07355336859C6C5350F237D959DE9660E9FFEED818EAF37E54400FC7C4710E478B77D330511E3DFC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D..S%e.S%e.S%e.Z].._%e..Gd.Q%e. Gd.Q%e..Gf.W%e..G`.A%e..Ga.Y%e..Fd.V%e.S%d.e$e..Fa.R%e..F`.P%e..Fe.R%e..F..R%e..Fg.R%e.RichS%e.........................PE..d...(..].........." .....r...\......\x....................................... ............`............................................t...D...........@....0..`.......x..............T...................H...(...P................................................text....p.......r.................. ..`.rdata...>.......@...v..............@..@.data....T.......J..................@....pdata..`....0......................@..@.qtmetadf...........................@..P.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\srt.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2505216
Entropy (8bit):	6.777833045665491
Encrypted:	false
SSDEEP:	49152:XGtlqwMVwASOYQIU6iOIbnYMDwHF7U3X/jtrTq1QLxNVKOh5Pnny884EdPuufe/A:4v+rdKCPoUufz
MD5:	8E00F3E787B9648DB916EE1822FAFA25
SHA1:	F7063E71FBA0B3CFE8A2D57788F067EDAEC594CD
SHA-256:	FC89A61CA82D40F1DE1C016BA3E2B1E7872D1C1030B08DF85A371E537035F620
SHA-512:	2DEF7EA1BECFBC67B15EAC6B1E37EE790647A56DC7F711E0988388181FCC649EEDAD32B67B12E95A7DE22D65F6AF887CCD8129B3C594D83C82C24315ADC39B8E
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........r+3..E`..E`..E`.k.`..E`.fDa..E`.f@a..E`.fAa..E`.fFa..E`.uCa..E`.uDa..E`..D`..E`..E`..E`1zAai.E`[fAa..E`[f@a..E`[fEa..E`[f.`..E`...`..E`[fGa..E`Rich..E`........PE..d...&..b.........." ................Tb........................................&...........`..........................................v$.X...H.$.\|....`&......`%..............p&..N....".......................".(... .".8...............`............................text............................... ..`.rdata..............................@..@.data........$..H....$.............@....pdata.......`%.......$.............@..@.rsrc........`&.......%.............@..@.reloc...N...p&..P....%.............@..B................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\ssleay32.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	383488
Entropy (8bit):	6.067024105059228
Encrypted:	false
SSDEEP:	6144:7wpXWDYvMBucXhBOQuBWy3w/OFT+evUuPt3bEUibPL2KJlR0PM6IDiZVhr4LNCcF:7wUYvWucXhBOQuBWy3w/OFT+evUAt3bY
MD5:	930F15BA7DE47211E0DB9AC67BA9A891
SHA1:	25EA6471744B359AF6D7CCDEE0EB538D5D497F6B
SHA-256:	77C14F38D7F25040699225C7C3CFFEC989EFED3873AE19213AFAD66540598AA2
SHA-512:	CE4B802427AAA71A2B2807698CC77BFD0817337DA719A10193AD56A25545409DC1253FBE1C8191772CB67CC5EFDEE040F521647E546F5C999658D83B21E59546
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...DP..0...DP..5...2.......DP......DP..3...DP..3...DP..3...Rich2...................PE..d......W.........." ......................................................... ...........................................................)......P.......0...........................................................................................................text...>........................... ..`.rdata..`...........................@..@.data...............................@....pdata..........,..................@..@.rsrc...0...........................@..@.reloc..H...........................@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\swresample-3.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	678912
Entropy (8bit):	5.840415831050741
Encrypted:	false
SSDEEP:	6144:4YrgRBfMcUj9jPHEf9LxczmwXvbVMvCNUYDFnQKB4pVftuTk:4YcUhPkpx0XivCSYDFnbBTk
MD5:	4B00E085605BD8443729FD4FAD623263
SHA1:	2C58CD1C5C8E013EE24088A278E691B0019E2628
SHA-256:	783FDF348E2EDB2CB45B6AE2E1195A2194EFF8673B5B5A8733F7A5BC72D1D73A
SHA-512:	F8F7D31FAC9FC3C85EAB17696C2C8727ADE90D4D89867E35E0DD174FB61B1EABBB82539C1ACFD7A6165E588AC1B19EF9E9A17083B17A330A3EAF0FD4A54A0933
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X.:.9.i.9.i.9.i.].h.9.i.].h.9.i.].h#9.i.].h.9.i.g.h.9.i.g.h.9.i.g.h.9.i.g.h.9.i.9.i.9.i.9.i.9.i.g.h.9.i.g.h.9.i.g.h.9.iRich.9.i........................PE..d...c..a.........." .........p......%;....................................................`.........................................0........t..<...............@S...................>..8............................?...............p...............................text............................... ..`.rdata..H.... ......................@..@.data..../..........................@....pdata...\.......^..................@..@.idata..@....p.......0..............@..@.gfids...............D..............@..@.00cfg...............H..............@..@.reloc...............J..............@..B........................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\swresample.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	678912
Entropy (8bit):	5.840415831050741
Encrypted:	false
SSDEEP:	6144:4YrgRBfMcUj9jPHEf9LxczmwXvbVMvCNUYDFnQKB4pVftuTk:4YcUhPkpx0XivCSYDFnbBTk
MD5:	4B00E085605BD8443729FD4FAD623263
SHA1:	2C58CD1C5C8E013EE24088A278E691B0019E2628
SHA-256:	783FDF348E2EDB2CB45B6AE2E1195A2194EFF8673B5B5A8733F7A5BC72D1D73A
SHA-512:	F8F7D31FAC9FC3C85EAB17696C2C8727ADE90D4D89867E35E0DD174FB61B1EABBB82539C1ACFD7A6165E588AC1B19EF9E9A17083B17A330A3EAF0FD4A54A0933
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X.:.9.i.9.i.9.i.].h.9.i.].h.9.i.].h#9.i.].h.9.i.g.h.9.i.g.h.9.i.g.h.9.i.g.h.9.i.9.i.9.i.9.i.9.i.g.h.9.i.g.h.9.i.g.h.9.iRich.9.i........................PE..d...c..a.........." .........p......%;....................................................`.........................................0........t..<...............@S...................>..8............................?...............p...............................text............................... ..`.rdata..H.... ......................@..@.data..../..........................@....pdata...\.......^..................@..@.idata..@....p.......0..............@..@.gfids...............D..............@..@.00cfg...............H..............@..@.reloc...............J..............@..B........................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\swresample.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	6420
Entropy (8bit):	4.856719364831041
Encrypted:	false
SSDEEP:	48:sUfaZgrxDmKGtGrZZXC6xoPWv29KCAyAO3bo9KKj99KnKg7KW6H:s5gMRKs7P39KCk9Kk9KncWE
MD5:	38EC9F4CD9C139B248631CCE6BD129A5
SHA1:	DB855B072DCA8FD559C991856CD70E05C5D2F2D4
SHA-256:	E434FF6B2165C20E96AF9FF48C005A64A7876F0262E31922F00E90A47EF4C21C
SHA-512:	002EF644315DC2D3DD93A65181F55681F2C60359FBB3748366176020B9E93C98EC30397B3D10071429083AF343F5CAE6205A1C844A1B7D2AE6A752864F90488D
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653219 0 1172 `....1.......>...z...........J...J...........0...0...................\|...\|...........b...b...........<...<...................................p...p...........R...R...........B...B...........,...,........__IMPORT_DESCRIPTOR_swresample-3.__NULL_IMPORT_DESCRIPTOR..swresample-3_NULL_THUNK_DATA.__imp_swr_alloc.swr_alloc.__imp_swr_alloc_set_opts.swr_alloc_set_opts.__imp_swr_build_matrix.swr_build_matrix.__imp_swr_close.swr_close.__imp_swr_config_frame.swr_config_frame.__imp_swr_convert.swr_convert.__imp_swr_convert_frame.swr_convert_frame.__imp_swr_drop_output.swr_drop_output.__imp_swr_ffversion.swr_ffversion.__imp_swr_free.swr_free.__imp_swr_get_class.swr_get_class.__imp_swr_get_delay.swr_get_delay.__imp_swr_get_out_samples.swr_get_out_samples.__imp_swr_init.swr_init.__imp_swr_inject_silence.swr_inject_silence.__imp_swr_is_initialized.swr_is_initialized.__imp_swr_next_pts.swr_next_pts.__imp_swr_set_channel_mapping.swr_set_chan

C:\Program Files (x86)\SRTMiniServer\swscale-5.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1322496
Entropy (8bit):	5.944151826657313
Encrypted:	false
SSDEEP:	24576:a1VTEJxcePMM0NelNZzllVx03lWQYx3Va79ieissiZ4jZOiJRE:anTEJxcePoNkZ03lWQYx3Va79tissiZr
MD5:	4F49E0A496E591094EC7E0C4743EAA04
SHA1:	5FC8E5518FED2B1BD6B076E4D64BE802A66B1F07
SHA-256:	D9370235447080D644F2555990B4DB7F827B2C188C3FAC1F087CD0766143864F
SHA-512:	06F2AE605119EA9B23EC631855133125B9A91679C2CC0E3907043546569A7241E9F3B7572E8F121937D72FE0FE337722BB4D8F99644A221E7B0FCCFB02706FF4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........F.............................-..........................................................................Rich............................PE..d...e..a.........." ................=<.......................................@............`..........................................H......X...<............ ............... .......(..8............................(..................X............................text............................... ..`.rdata..g^.......`..................@..@.data........P.......8..............@....pdata..L.... .......H..............@..@.idata..............................@..@.gfids..............................@..@_RDATA..............................@..@.00cfg..............................@..@.reloc....... ......................@..B................................................................................................

C:\Program Files (x86)\SRTMiniServer\swscale.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1322496
Entropy (8bit):	5.944151826657313
Encrypted:	false
SSDEEP:	24576:a1VTEJxcePMM0NelNZzllVx03lWQYx3Va79ieissiZ4jZOiJRE:anTEJxcePoNkZ03lWQYx3Va79tissiZr
MD5:	4F49E0A496E591094EC7E0C4743EAA04
SHA1:	5FC8E5518FED2B1BD6B076E4D64BE802A66B1F07
SHA-256:	D9370235447080D644F2555990B4DB7F827B2C188C3FAC1F087CD0766143864F
SHA-512:	06F2AE605119EA9B23EC631855133125B9A91679C2CC0E3907043546569A7241E9F3B7572E8F121937D72FE0FE337722BB4D8F99644A221E7B0FCCFB02706FF4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........F.............................-..........................................................................Rich............................PE..d...e..a.........." ................=<.......................................@............`..........................................H......X...<............ ............... .......(..8............................(..................X............................text............................... ..`.rdata..g^.......`..................@..@.data........P.......8..............@....pdata..L.... .......H..............@..@.idata..............................@..@.gfids..............................@..@_RDATA..............................@..@.00cfg..............................@..@.reloc....... ......................@..B................................................................................................

C:\Program Files (x86)\SRTMiniServer\swscale.lib

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	8784
Entropy (8bit):	5.034000671077319
Encrypted:	false
SSDEEP:	96:GxpqQabZNAsI1bob1EYpfeqN5Eq6bMY9BmAqZbOZaK78K2KdP+A5jBJXV1bWgXkz:I7ajIRs1EaeAnuM4WFOXHNfJXVRWg9CB
MD5:	2F03A939A4D6785F074E4C10FC59FEA4
SHA1:	10BE021074AD2189510B65DF8918086E55A5FA44
SHA-256:	B9EB7B8A147684D407E3A164C049773C0FB553D69A87FFABFCCF79ABA0D71A50
SHA-512:	18F1B66DC69E1A6BBDB7E0F08D7490D4B1F5B8B209632461789A227AA90482E7F03ECD68DEDBCDCD34E9FB9203B3F4F72855BF461098BD2F7073C816B09BB0C2
Malicious:	false
Reputation:	low
Preview:	!<arch>./ 1627653221 0 1798 `....G...............^...^...4...4...................................h...h...................R...R.........................................................d...d...........J...J...(...(...................................r...r...........F...F.......... .. .. ... ...!...!...!t..!t..!...!.__IMPORT_DESCRIPTOR_swscale-5.__NULL_IMPORT_DESCRIPTOR..swscale-5_NULL_THUNK_DATA.__imp_sws_addVec.sws_addVec.__imp_sws_alloc_context.sws_alloc_context.__imp_sws_alloc_set_opts.sws_alloc_set_opts.__imp_sws_allocVec.sws_allocVec.__imp_sws_cloneVec.sws_cloneVec.__imp_sws_convertPalette8ToPacked24.sws_convertPalette8ToPacked24.__imp_sws_convertPalette8ToPacked32.sws_convertPalette8ToPacked32.__imp_sws_convVec.sws_convVec.__imp_sws_freeContext.sws_freeContext.__imp_sws_freeFilter.sws_freeFilter.__imp_sws_freeVec.sws_freeVec.__imp_sws_get_class.sws_get_class.__imp_sws_getCachedContext.sws_getCachedContext.__imp_sws_getCoefficients.sws_getCoe

C:\Program Files (x86)\SRTMiniServer\template.html

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3399), with CRLF line terminators
Category:	dropped
Size (bytes):	30287
Entropy (8bit):	5.010977169462368
Encrypted:	false
SSDEEP:	384:QN6tCKCkrJNWpS1KH1uPCU5/JU24nojFJLx5jtb/J8VcgFlxm8ON/dqq+e:QN6d3WpScVuPCUvJLhKGgFlxm8ON/dN
MD5:	C3CAE12068E77B265B33EA411A8DF4E0
SHA1:	EBBD42B58817168BA2BD149B8997B28F8B9E2605
SHA-256:	C8F1D75F89EF370137319909A5BE317E23E174F2A8349196A77E8B964A4FB448
SHA-512:	35DE069A526B51B041AE003B37D663E1D2B69ECDFDB3D5CAE9C7F186CD4F5A02C0598AD3B296CFBFC42A046238E0943F1169C1F442A38C955A710BA95EBB3A0A
Malicious:	false
Reputation:	low
Preview:	<script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script>....<script type="text/javascript">.. google.charts.load('current', {.. packages: ['corechart', 'line', 'annotationchart'].. });.... //...... ... .. ............ ...... ...... .... null.. function getRowDataOrNull(arr, index){.. let data = arr[index];.. if (data === undefined).. return null;.. return data;//dont use \|\| bc then 0 same set null (dont view).. }.. .. /*function delAdditionalLinesFromLegend(elementId_chart, indexes_len){.. //console.log(document.querySelectorAll('#fps_chart svg')[0].querySelectorAll('g')[1].querySelectorAll('g'));//.. console.log('delAdditionalLinesFromLegend', indexes_len);.. let legend_option = document.querySelector(`#${elementId_chart} svg g:nth-child(4)`).. for (let i = 0; i < legend_option.length; i+=2){.. if (indexes_len-- > 0){/

C:\Program Files (x86)\SRTMiniServer\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	87728
Entropy (8bit):	6.525099099914053
Encrypted:	false
SSDEEP:	1536:RQXcZzgSnGJZkN3in6yF+i4p7m1rJOTnsupxiyKLV/QecbOqleHHz1v9b3nneA:RQsrSnb+p+OTsupxwV/QecbOqAHHZv9p
MD5:	9A53905892D9C9F3BF9D295C8B32E446
SHA1:	2C5C56FF86FB1E827B2E0D479C529BAEA13EB561
SHA-256:	D58E3FF10FD96A22A8E6D2FD76146A282CC45CCFAF2301257E76E7C2771CBD41
SHA-512:	2DDE975E15F95AA9310820CAE009F2B04E26B7BAFEBB42D5822E3917017E4A37E17B0A71825F8F79F075ABC1507D7D4D9202550FDD7A53AB54AC0FDE4349FE2F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'m..c.hDc.hDc.hD..Da.hDjt.Dh.hDc.iDO.hD.nmE`.hD.nlEi.hD.nkEn.hD.n`E\|.hD.nhEb.hD.n.Db.hD.njEb.hDRichc.hD........................PE..d....8'Y.........." .........T...............................................`............`A............................................4...4........@.......0..X........>...P..l.......8............................................................................text...D........................... ..`.rdata..H6.......8..................@..@.data...x.... ......................@....pdata..X....0......................@..@.rsrc........@......................@..@.reloc..l....P......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\SRTMiniServer\vcruntime140_1.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	44312
Entropy (8bit):	6.623047237297825
Encrypted:	false
SSDEEP:	768:vG3xRsJTKdiibUoT2zvivbXXyJWqWZ8DZX:vG7DyM22DiJMCtX
MD5:	9040ED0FDF4CE7558CBFFB73D4C17761
SHA1:	669C8380959984CC62B05535C18836F815308362
SHA-256:	6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774
SHA-512:	303143006C781260540E9D0D3739ACC33F2D54F884358C7485599DD22B87CCE9B81F68D6AD80F0F5BB1798CE54A79677152C1D3600E443E192AECD442EA0A2E4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j&=..Hn..Hn..Hn@..n..Hn!fIo..Hn.s.n..Hn..In..Hn!fKo..Hn!fLo..Hn!fMo..Hn!fHo..Hn!f.n..Hn!fJo..HnRich..Hn........PE..d....h.].........." .....:...4.......A..............................................?.....`A.........................................j......<k..x....................l...A......(....a..8...........................0b...............P..X............................text...t9.......:.................. ..`.rdata..P ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..(............j..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\StartMenu.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	4.619286357808789
Encrypted:	false
SSDEEP:	96:8giqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1ts3hhEl7y:8giqVPgK8K9eIdE9B/t0hg7
MD5:	E439EA88B4453578ADCFE9026CD287FD
SHA1:	414CE13B7D4F2B1C4D51A71A037EC2822FA63E61
SHA-256:	27FB85EEDE9B98F4FB6CD9BD22F1F268E13D3BB365A4BB8DA744090D032C76E4
SHA-512:	F8D1023EB3C665ECD10805BB95E1B29491B3653BD7178BDD39DAFFAF83564626E8679864056333EBFBF631F414195771DE7824E669A07BACB0A04EEE8D74B062
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(...(...(..<'...(.......(..8....(.......(..Rich.(..........................PE..L......]...........!........."............... ...............................p............@..........................$..e.... ..x....P..(....................`..t.................................................... ...............................text............................... ..`.rdata..U.... ......................@..@.data........0......................@....rsrc...(....P......................@..@.reloc..8....`......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	5.854901984552606
Encrypted:	false
SSDEEP:	192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
MD5:	0063D48AFE5A0CDC02833145667B6641
SHA1:	E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
SHA-256:	AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
SHA-512:	71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir.-.D.-.D.-.D...J..D.-.E.>.D......D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L......]...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..\|....P.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\modern-wizard.bmp

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
Category:	dropped
Size (bytes):	26494
Entropy (8bit):	1.9568109962493656
Encrypted:	false
SSDEEP:	24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
MD5:	CBE40FD2B1EC96DAEDC65DA172D90022
SHA1:	366C216220AA4329DFF6C485FD0E9B0F4F0A7944
SHA-256:	3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
SHA-512:	62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
Malicious:	false
Reputation:	low
Preview:	BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

C:\Users\user\AppData\Local\Temp\nsoF5ED.tmp\nsDialogs.dll

Download File

Process:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.127431636878203
Encrypted:	false
SSDEEP:	96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
MD5:	6E64E5D5F9498058A300B26B8741D9D5
SHA1:	837CE28E5E02788DA63A7F1D8F20207D2B0BF523
SHA-256:	8D4B1C275FD1CD0782A265080B56D1AEC8D1C93EDCA5EF3B050D1D20D7B61F33
SHA-512:	F53514D36021D79F85DF2494D403F03589B3AD848889B9224F962CC932EF740F127131A914C7171AD8136CA1EF631285EA1C80576DB18CCF8EA56940EB00EA1E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L......]...........!......... ......Y........0............................................@..........................6..k....0.......`.......................p.......................................................0...............................text............................... ..`.rdata..{....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..t....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\cmdline.out

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	182267
Entropy (8bit):	2.1594895647294634
Encrypted:	false
SSDEEP:	768:0uH8M7Gq+J+Qza4SL6lelDQkhrv8lKUZ2zZYc9wjHRSyjGpvMNh/+eWfzwWcN4a:0q8M7GqvQaEOvtSjxapUzXWIj
MD5:	E400FA8F633DA2331E70B93F0D765770
SHA1:	0F88B375D0E525935ACAB4FB3FEBA6FDDD47C9E2
SHA-256:	C153914627FE60A04CE799A0B263E074D939FFDA39460D3C3F6A5B362FE43C14
SHA-512:	4697166E11966E27BB782F0D7A9C3142519A393C71DC08A2DED20E04428E6C6447B63DCB584BF6B14E4C8274DB87673D1F1A4D2C29C8A530F2A75BD272E50EB0
Malicious:	false
Reputation:	low
Preview:	--2024-04-04 17:25:50-- https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe..Resolving downloadsnew.garaninapps.com (downloadsnew.garaninapps.com)... 209.50.49.25..Connecting to downloadsnew.garaninapps.com (downloadsnew.garaninapps.com)\|209.50.49.25\|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 120048384 (114M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe'.... 0K .......... .......... .......... .......... .......... 0% 320K 6m6s.. 50K .......... .......... .......... .......... .......... 0% 323K 6m4s.. 100K .......... .......... .......... .......... .......... 0% 2.81M 4m16s.. 150K .......... .......... .......... .......... .......... 0% 381K 4m29s.. 200K .......... .......... .......... .......... .......... 0% 4.33M 3m40s.. 250K .......... .......... .......... .......... .......... 0% 5.08M 3m7s.. 300K .......... .......... .

C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

Download File

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	120048384
Entropy (8bit):	7.999995895707177
Encrypted:	true
SSDEEP:	1572864:ZQ2Wgxg+Ra0EVkrVBv/LVXj9ff9tyfs4G3CWyc7vugmdaZCqN55NqVbPqr2/A8YN:ZQ2nFXP/t9f8Gya7vrJg6rNijACiXpq0
MD5:	E1C148070E7E9856B50B4AB3AA6C096B
SHA1:	A9A2EC7C975B572AC9CB80B000AE3907D643CDD5
SHA-256:	599398B4D8F16B49A177B4B033F247D0E498FC57D41AAA86D43D6CAD85E506FB
SHA-512:	635CFBCD17A5F1AD2B7BC4804910E8D3E2578CB058EABAD713B95B8A572952DBE2FF5345BF7E3AC7A7AA83F2A2529A717E6FD5A0259E1DABF15E8F1FA97805AB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L......].................`..........52.......p....@.................................^.'...@.................................0t..........0C............'..(...........................................................p...............................text...}_.......`.................. ..`.rdata..>....p.......d..............@..@.data................x..............@....ndata...P...@...........................rsrc...0C.......D...\|..............@..@................................................................................................................................................................................................................................................................................................................................................................

Target ID:	0
Start time:	17:25:50
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe" > cmdline.out 2>&1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:25:50
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	17:25:50
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe"
Imagebase:	0x400000
File size:	3'895'184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	17:26:12
Start date:	04/04/2024
Path:	C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\download\SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe"
Imagebase:	0x400000
File size:	120'048'384 bytes
MD5 hash:	E1C148070E7E9856B50B4AB3AA6C096B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:26:13
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im SRTMiniServer.exe
Imagebase:	0x760000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	17:26:13
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	17:27:04
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SRTMiniServer\post_install.cmd""
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	17:27:04
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	17:27:04
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall add rule name=SRTMiniServer dir=in action=allow program="C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe" enable=yes profile=public,private
Imagebase:	0x1560000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:27:11
Start date:	04/04/2024
Path:	C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\SRTMiniServer\SRTMiniServer.exe"
Imagebase:	0x7ff60cfc0000
File size:	1'563'264 bytes
MD5 hash:	D7C8D83952710C569E3671A42CF71773
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	43.7%
Total number of Nodes:	1734
Total number of Limit Nodes:	139

Executed Functions

Function 00007FF60CFE3110 Relevance: 1286.1, APIs: 635, Strings: 98, Instructions: 3332
windowtimenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0QMainWindow@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE314C
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE317E

Part of subcall function 00007FF60D00D780: ??0QThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D798
Part of subcall function 00007FF60D00D780: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D7AD
Part of subcall function 00007FF60D00D780: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D7B8

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE31D8
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE31E6
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE31F4
??0QHostAddress@@QEAA@XZ.QT5NETWORK ref: 00007FF60CFE3202
??0QTranslator@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE3227

Part of subcall function 00007FF60D009990: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099A4
Part of subcall function 00007FF60D009990: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099B9
Part of subcall function 00007FF60D009990: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099C4
Part of subcall function 00007FF60D009990: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099CF
Part of subcall function 00007FF60D009990: ??0QTcpSocket@@QEAA@PEAVQObject@@@Z.QT5NETWORK(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099DC
Part of subcall function 00007FF60D009990: ??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099F4
Part of subcall function 00007FF60D009990: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D009A82
Part of subcall function 00007FF60D009990: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D009A8D
Part of subcall function 00007FF60D009990: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60D009AFF
Part of subcall function 00007FF60D009990: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60D009B0D

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3255
??0QSharedMemory@@QEAA@AEBVQString@@PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE326D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3278

Part of subcall function 00007FF60CFD0840: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,00000000,?,?,00007FF60CFE328C), ref: 00007FF60CFD085C
Part of subcall function 00007FF60CFD0840: ??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE(?,?,00007FF60CFE328C), ref: 00007FF60CFD0874
Part of subcall function 00007FF60CFD0840: _Mtx_init_in_situ.MSVCP140(?,?,00007FF60CFE328C), ref: 00007FF60CFD0905
Part of subcall function 00007FF60CFD0840: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF60CFE328C), ref: 00007FF60CFD091C
Part of subcall function 00007FF60CFD0840: memset.VCRUNTIME140(?,?,00007FF60CFE328C), ref: 00007FF60CFD092F

Part of subcall function 00007FF60CFCCB90: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,00000000,00007FF60CFE32A3), ref: 00007FF60CFCCBA3

Part of subcall function 00007FF60D00AFA0: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,00000000,00007FF60CFE32B9), ref: 00007FF60D00AFA9
Part of subcall function 00007FF60D00AFA0: ??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D00AFC4

??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE32D1
??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FF60CFE32EB
??0QSqlDatabase@@QEAA@XZ.QT5SQL ref: 00007FF60CFE3300
??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE3312

Part of subcall function 00007FF60D004110: ?objectName@QObject@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60D00413A
Part of subcall function 00007FF60D004110: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00414C
Part of subcall function 00007FF60D004110: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004166
Part of subcall function 00007FF60D004110: ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004173
Part of subcall function 00007FF60D004110: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00417F
Part of subcall function 00007FF60D004110: ?resize@QWidget@@QEAAXHH@Z.QT5WIDGETS ref: 00007FF60D004191
Part of subcall function 00007FF60D004110: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0041A9
Part of subcall function 00007FF60D004110: ?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D0041B6
Part of subcall function 00007FF60D004110: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0041C2
Part of subcall function 00007FF60D004110: ??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0041E3
Part of subcall function 00007FF60D004110: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004213
Part of subcall function 00007FF60D004110: ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004220
Part of subcall function 00007FF60D004110: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00422C
Part of subcall function 00007FF60D004110: ??0QVBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00424A
Part of subcall function 00007FF60D004110: ?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004271
Part of subcall function 00007FF60D004110: ?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D00428E
Part of subcall function 00007FF60D004110: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0042A6
Part of subcall function 00007FF60D004110: ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0042B4

Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D076854
Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D07685A

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE33D7
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE33E4
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3486
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3493
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3535
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3542

Part of subcall function 00007FF60D039B70: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,00000001,00007FF60CFE356F), ref: 00007FF60D039B79
Part of subcall function 00007FF60D039B70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000001,00007FF60CFE356F), ref: 00007FF60D039B8D
Part of subcall function 00007FF60D039B70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000001,00007FF60CFE356F), ref: 00007FF60D039B97
Part of subcall function 00007FF60D039B70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000001,00007FF60CFE356F), ref: 00007FF60D039BA1
Part of subcall function 00007FF60D039B70: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000001,00007FF60CFE356F), ref: 00007FF60D039BAB

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE3586
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE3596
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE35A7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE35B7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE35C7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE35D7
??6QDebug@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FF60CFE35E3
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE35F1
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE361F
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3633
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3647
?number@QString@@SA?AV1@HH@Z.QT5CORE ref: 00007FF60CFE3661
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3674
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE3686
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE36A6
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE36B4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE36C2

Part of subcall function 00007FF60CFE8EF0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE8F0D
Part of subcall function 00007FF60CFE8EF0: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE8F21

Part of subcall function 00007FF60D03A310: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A338
Part of subcall function 00007FF60D03A310: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A34A
Part of subcall function 00007FF60D03A310: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A35C
Part of subcall function 00007FF60D03A310: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A36E
Part of subcall function 00007FF60D03A310: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A394
Part of subcall function 00007FF60D03A310: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A430
Part of subcall function 00007FF60D03A310: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A43E
Part of subcall function 00007FF60D03A310: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A4A8
Part of subcall function 00007FF60D03A310: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A4B6

??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3714
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE371F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE372D
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3797
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE37A4
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3816
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3823
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3891
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE389E
?setDefaultFormat@QSettings@@SAXW4Format@1@@Z.QT5CORE ref: 00007FF60CFE38A6

Part of subcall function 00007FF60CFF27B0: ??0QFileInfo@@QEAA@XZ.QT5CORE ref: 00007FF60CFF27D3
Part of subcall function 00007FF60CFF27B0: ?instance@QCoreApplication@@SAPEAV1@XZ.QT5CORE ref: 00007FF60CFF27DA
Part of subcall function 00007FF60CFF27B0: ?arguments@QCoreApplication@@SA?AVQStringList@@XZ.QT5CORE ref: 00007FF60CFF27E4
Part of subcall function 00007FF60CFF27B0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF2847
Part of subcall function 00007FF60CFF27B0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FF60CFF2855
Part of subcall function 00007FF60CFF27B0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FF60CFF287B
Part of subcall function 00007FF60CFF27B0: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FF60CFF28A3
Part of subcall function 00007FF60CFF27B0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFF28C7
Part of subcall function 00007FF60CFF27B0: ?setFile@QFileInfo@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60CFF28D6
Part of subcall function 00007FF60CFF27B0: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF28E8
Part of subcall function 00007FF60CFF27B0: ?completeSuffix@QFileInfo@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFF2900

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE38DD
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE38FC
??0QSettings@@QEAA@AEBVQString@@0PEAVQObject@@@Z.QT5CORE ref: 00007FF60CFE3925
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3940
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE394E

Part of subcall function 00007FF60D039F60: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D039F74

?fileName@QSettings@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE395F
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE3977
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE3987
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE3998
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE39A4
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE39B2
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE39C0
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FF60CFE39D4
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE39E5
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE3A0B
?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FF60CFE3A17
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3A2B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3A39
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3A47
??0QDate@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3A58
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3ACF
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FF60CFE3AEA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3AFA
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3B22
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FF60CFE3B3D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3B4D
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE3BD3
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE3BE3
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE3BF4
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE3C00
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3C0E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3C1C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3C27
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3CDC
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE3CFA
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE3D1C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3D3F
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE3DAA
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3DC3
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3DD3
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3DE4
?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFE3DFE
??0QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE3E0D
?insertItem@QComboBox@@QEAAXHAEBVQIcon@@AEBVQString@@AEBVQVariant@@@Z.QT5WIDGETS ref: 00007FF60CFE3E25
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE3E33
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3E41
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3E4C
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FF60CFE3E5B
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3E6E
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE3E8E
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FF60CFE3E98
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3EAB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3EB6
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3EC4
?addWidget@QGridLayout@@QEAAXPEAVQWidget@@HHV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(?), ref: 00007FF60CFE3F44
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE3F61

Part of subcall function 00007FF60D017B40: ?text@QLineEdit@@QEBA?AVQString@@XZ.QT5WIDGETS ref: 00007FF60D017B5A
Part of subcall function 00007FF60D017B40: ?trimmed@QString@@QEHAA?AV1@XZ.QT5CORE ref: 00007FF60D017B67
Part of subcall function 00007FF60D017B40: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D017B73

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE3F88
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE3F98
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z.QT5CORE ref: 00007FF60CFE3FBF
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE3FCE
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE3FEC
?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFE400D
??0QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE401C
?insertItem@QComboBox@@QEAAXHAEBVQIcon@@AEBVQString@@AEBVQVariant@@@Z.QT5WIDGETS ref: 00007FF60CFE4033
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE4041
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE404F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE405D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4068
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4076
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4084
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE40B7
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE40C4
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE40EE
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE40FB
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE416E
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4184
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE4217
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4228
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE429A
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE42B4
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE4351
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE435E
?singleShot@QTimer@@SAXHPEBVQObject@@PEBD@Z.QT5CORE ref: 00007FF60CFE4373
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE43A1
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE43AE
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE43D8
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE43E9
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4409
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE441A
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4433
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE443E
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE444C
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE445B
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE446C
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE447D
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4495
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FF60CFE44A3
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE44B0
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE44BE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE44C9

Part of subcall function 00007FF60D017170: ??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0171A1
Part of subcall function 00007FF60D017170: ??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0171D3
Part of subcall function 00007FF60D017170: ??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0171DE
Part of subcall function 00007FF60D017170: ??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60D0171EB
Part of subcall function 00007FF60D017170: memset.VCRUNTIME140 ref: 00007FF60D01720A
Part of subcall function 00007FF60D017170: ??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FF60D01728A
Part of subcall function 00007FF60D017170: ?setAttribute@QWidget@@QEAAXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS ref: 00007FF60D0172C5

?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FF60CFE44E0
?setCurrentIndex@QComboBox@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60CFE44F6
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4508
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4519
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4531
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FF60CFE453F
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE454C
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE455A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4565
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FF60CFE457A
?click@QAbstractButton@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFE459B
?at@QListData@@QEBAPEAPEAXH@Z.QT5CORE ref: 00007FF60CFE45CF
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4607
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE461B
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4630
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4656
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE4667
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4675
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4683
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4691
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE46A5

Part of subcall function 00007FF60CFF8B50: ?toLower@QString@@QEGBA?AV1@XZ.QT5CORE ref: 00007FF60CFF8B72
Part of subcall function 00007FF60CFF8B50: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFF8B8D
Part of subcall function 00007FF60CFF8B50: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFF8BA3
Part of subcall function 00007FF60CFF8B50: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF8BAF
Part of subcall function 00007FF60CFF8B50: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFF8BBF
Part of subcall function 00007FF60CFF8B50: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF8BDD
Part of subcall function 00007FF60CFF8B50: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF8BE7

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE46BF
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE46D6
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE46EE
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE4707
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE4716
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE4736
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE4744
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4752
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE4761
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE4781
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE478F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE479D
??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE47AE
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE47BF
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE47E5
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE47F6
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4804
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4812
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4820
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE482B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4836
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4841
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE484F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE485D
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE486C
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4883
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE489B
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE48B4
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE48C6
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE48E6
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE48F7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4905
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE491A
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE493A
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE494B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4959
??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE496D
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE497E
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE49A4
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE49B5
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE49C3
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE49D1
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE49DF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE49ED
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE49FB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4A06
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4A14
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4A22
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE4A36
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4A47
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4A6D
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE4A7C
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4A8A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4A98
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4AA6
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE4ABA
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4ACB
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4AF1
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE4AFF
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4B0D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4B1B
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4B29
??9QString@@QEBA_NPEBD@Z.QT5CORE ref: 00007FF60CFE4B3B
?exists@QFile@@SA_NAEBVQString@@@Z.QT5CORE ref: 00007FF60CFE4B58
?exists@QFile@@SA_NAEBVQString@@@Z.QT5CORE ref: 00007FF60CFE4B6A
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60CFE4B7D
??4QString@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE4B8F
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE4BA3
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4BB6
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE ref: 00007FF60CFE4BD5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4BE3
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4BF1
??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE4C05
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4C18
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE ref: 00007FF60CFE4C37
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4C45
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4C53
?sync@QSettings@@QEAAXXZ.QT5CORE ref: 00007FF60CFE4C5D
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4DAB
?instance@QCoreApplication@@SAPEAV1@XZ.QT5CORE ref: 00007FF60CFE4DB8
?arguments@QCoreApplication@@SA?AVQStringList@@XZ.QT5CORE ref: 00007FF60CFE4DC5
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FF60CFE4DD9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4E37
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FF60CFE4E45
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4E53
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FF60CFE4E70
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4E83
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE4EA9
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FF60CFE4EB3
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4EC3
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4ED1
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4EDF
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE4FB3
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE4FC0
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE4FD2
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5003
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE5013
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5023
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5031
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5043
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5081
??0QMenu@@QEAA@AEBVQString@@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFE50A0
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE50CB
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE50F1
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5102
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5112
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE5140
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE514D
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE5156
?addMenu@QMenuBar@@QEAAPEAVQAction@@PEAVQMenu@@@Z.QT5WIDGETS ref: 00007FF60CFE5162
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5188
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5199
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE51A9
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE51D7
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE51E4
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE51ED
?addMenu@QMenuBar@@QEAAPEAVQAction@@PEAVQMenu@@@Z.QT5WIDGETS ref: 00007FF60CFE51F9
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5206
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5240
??0QMenu@@QEAA@AEBVQString@@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFE525B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5286
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE52AC
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE52BD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE52CD
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE52FB
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5308
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE532E
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE533F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE534F
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE537D
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE538A
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE53B0
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE53C1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE53D1
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE53FF
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE540C
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE5415
?addMenu@QMenuBar@@QEAAPEAVQAction@@PEAVQMenu@@@Z.QT5WIDGETS ref: 00007FF60CFE5421
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE542E
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5468
??0QMenu@@QEAA@AEBVQString@@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFE5484
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE54AF
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE54D5
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE54E6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE54F6
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE5524
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5531
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5557
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5568
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5578
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFE55A6
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE55B3
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE55BC
?addMenu@QMenuBar@@QEAAPEAVQAction@@PEAVQMenu@@@Z.QT5WIDGETS ref: 00007FF60CFE55C8
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE55D5
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE560F
??0QMenu@@QEAA@AEBVQString@@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFE562B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5657
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE567D
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE568E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE569E
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE5705
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5712
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5738
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5749
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5759
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE57C4
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE57D1
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE57F7
?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5808
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5818
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE587F
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE588C
?menuBar@QMainWindow@@QEBAPEAVQMenuBar@@XZ.QT5WIDGETS ref: 00007FF60CFE5895
?addMenu@QMenuBar@@QEAAPEAVQAction@@PEAVQMenu@@@Z.QT5WIDGETS ref: 00007FF60CFE58A1
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE58AE
?setTextInteractionFlags@QLabel@@QEAAXV?$QFlags@W4TextInteractionFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE58C4
?setOpenExternalLinks@QLabel@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE58D7
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE58E9
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5902
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5910
?setTextInteractionFlags@QLabel@@QEAAXV?$QFlags@W4TextInteractionFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE5929
?setOpenExternalLinks@QLabel@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE593F
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5951
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE596D
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE597B
?setTextInteractionFlags@QLabel@@QEAAXV?$QFlags@W4TextInteractionFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE5994
?setOpenExternalLinks@QLabel@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE59AA
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE59BC
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE59D8
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE59E6
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60CFE59F8
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5A0A
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5A29
?setIconSize@QAbstractButton@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFE5A36
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5A48
??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFE5A63
?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFE5A70
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5A7E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5A8C
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5A9E
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5AAF
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5ABD
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5AE3
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5AF4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5B02
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5B1A
?setIconSize@QAbstractButton@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFE5B27
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5B39
??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFE5B54
?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFE5B61
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5B6F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5B7D
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5B8F
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5BA0
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5BAE
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5BD4
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5BE5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5BF3
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5C0E
?setIconSize@QAbstractButton@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFE5C1B
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5C2D
??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFE5C48
?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFE5C55
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5C63
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5C71
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5C83
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5C94
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5CA2
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5CC8
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5CD9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5CE7
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5D02
?setIconSize@QAbstractButton@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFE5D0F
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5D21
??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFE5D3C
?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFE5D49
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5D57
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5D65
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5D77
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5D88
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5D96
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE5DBC
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5DCD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5DDB

Part of subcall function 00007FF60CFF1B80: ?setContextMenuPolicy@QWidget@@QEAAXW4ContextMenuPolicy@Qt@@@Z.QT5WIDGETS ref: 00007FF60CFF1B9E
Part of subcall function 00007FF60CFF1B80: ??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60CFF1BBE
Part of subcall function 00007FF60CFF1B80: ?setIconSize@QToolBar@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFF1BCA
Part of subcall function 00007FF60CFF1B80: ??0QToolButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFF1BE7
Part of subcall function 00007FF60CFF1B80: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF1C15
Part of subcall function 00007FF60CFF1B80: ??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFF1C27
Part of subcall function 00007FF60CFF1B80: ?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFF1C34
Part of subcall function 00007FF60CFF1B80: ??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFF1C3F
Part of subcall function 00007FF60CFF1B80: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF1C4A
Part of subcall function 00007FF60CFF1B80: ?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFF1C6D
Part of subcall function 00007FF60CFF1B80: ?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFF1C7B
Part of subcall function 00007FF60CFF1B80: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF1C86
Part of subcall function 00007FF60CFF1B80: ?addWidget@QToolBar@@QEAAPEAVQAction@@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFF1C92
Part of subcall function 00007FF60CFF1B80: ??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFF1CA1
Part of subcall function 00007FF60CFF1B80: ?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFF1CAF
Part of subcall function 00007FF60CFF1B80: ??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFF1CBA
Part of subcall function 00007FF60CFF1B80: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FF60CFF1CE5
Part of subcall function 00007FF60CFF1B80: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFF1CEF
Part of subcall function 00007FF60CFF1B80: ??0QToolButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60CFF1D0B
Part of subcall function 00007FF60CFF1B80: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF1D23

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5DF5
?setTextInteractionFlags@QLabel@@QEAAXV?$QFlags@W4TextInteractionFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE5E12
?setOpenExternalLinks@QLabel@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE5E28
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5E3A
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5E56
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5E64
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5E76
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE5E89
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE5EAC
?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5EC4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5ED2
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5EE0
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE5EF8
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE5F0A
??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFE5F25
?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFE5F3D
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFE5F4B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE5F59
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60CFE5F6E
?setIconSize@QAbstractButton@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60CFE5F85
??4QString@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE5F96
?setTextInteractionFlags@QLabel@@QEAAXV?$QFlags@W4TextInteractionFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE5FAF
?setOpenExternalLinks@QLabel@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE5FC5
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60CFE5FD7
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60CFE5FF3
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60CFE6001
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6013
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE6026
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE6049
?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE6061
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE606F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE607D
?setToolTip@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE6095
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE6135
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6142

Part of subcall function 00007FF60CFF5430: ?currentText@QComboBox@@QEBA?AVQString@@XZ.QT5WIDGETS ref: 00007FF60CFF5455
Part of subcall function 00007FF60CFF5430: ?clear@QComboBox@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFF546A
Part of subcall function 00007FF60CFF5430: ??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFF547E
Part of subcall function 00007FF60CFF5430: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF5491
Part of subcall function 00007FF60CFF5430: ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFF54A1
Part of subcall function 00007FF60CFF5430: ?arg@QString@@QEBA?AV1@HHHVQChar@@@Z.QT5CORE ref: 00007FF60CFF54C8
Part of subcall function 00007FF60CFF5430: ?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFF54DE
Part of subcall function 00007FF60CFF5430: ?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFF54EC
Part of subcall function 00007FF60CFF5430: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF54F7
Part of subcall function 00007FF60CFF5430: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF5502
Part of subcall function 00007FF60CFF5430: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF550D
Part of subcall function 00007FF60CFF5430: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF5518
Part of subcall function 00007FF60CFF5430: ??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF552C
Part of subcall function 00007FF60CFF5430: ?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFF5546
Part of subcall function 00007FF60CFF5430: ??0QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFF5552
Part of subcall function 00007FF60CFF5430: ?insertItem@QComboBox@@QEAAXHAEBVQIcon@@AEBVQString@@AEBVQVariant@@@Z.QT5WIDGETS ref: 00007FF60CFF556A
Part of subcall function 00007FF60CFF5430: ??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFF5575
Part of subcall function 00007FF60CFF5430: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF5580
Part of subcall function 00007FF60CFF5430: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF558B
Part of subcall function 00007FF60CFF5430: ?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFF55AC
Part of subcall function 00007FF60CFF5430: ?insertItems@QComboBox@@QEAAXHAEBVQStringList@@@Z.QT5WIDGETS ref: 00007FF60CFF55BE

??0QVariant@@QEAA@PEBD@Z.QT5CORE ref: 00007FF60CFE615E
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6170
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE6196
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFE61A7
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE61B5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE61C3
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE61D1
??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE61F3
?findData@QComboBox@@QEBAHAEBVQVariant@@HV?$QFlags@W4MatchFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60CFE620B
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE621E
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FF60CFE623B
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6255
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE6283
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FF60CFE6295
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE62C1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE62DD
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE62F9
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FF60CFE6308
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE631B
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE6341
?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FF60CFE634D
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE635C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE636A
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6378
?setChecked@QAbstractButton@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60CFE6397
?setCurrentIndex@QTabWidget@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60CFE63AD
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE63CC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE63E8
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE63FC
??0QNetworkAccessManager@@QEAA@PEAVQObject@@@Z.QT5NETWORK ref: 00007FF60CFE6426
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE6458
??0QString@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FF60CFE6492
??0QString@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FF60CFE64EE
??0QString@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FF60CFE6524
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE653C
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE6577
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6585
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6593
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE65A0
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE65B2
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z.QT5CORE ref: 00007FF60CFE65D0
??0QNetworkRequest@@QEAA@AEBVQUrl@@@Z.QT5NETWORK ref: 00007FF60CFE65E1
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FF60CFE65EF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE65FD
?get@QNetworkAccessManager@@QEAAPEAVQNetworkReply@@AEBVQNetworkRequest@@@Z.QT5NETWORK ref: 00007FF60CFE6611
?setCurrentIndex@QComboBox@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60CFE6662
?defaultTypeFor@QTimer@@CA?AW4TimerType@Qt@@H@Z.QT5CORE ref: 00007FF60CFE6676
?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PEBVQObject@@PEAVQSlotObjectBase@QtPrivate@@@Z.QT5CORE ref: 00007FF60CFE66AD
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60CFE67C3
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60CFE67D5
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FF60CFE67E4
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE67F5
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE681B
?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FF60CFE6827
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE683B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6849
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6857
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6867
?instance@QCoreApplication@@SAPEAV1@XZ.QT5CORE ref: 00007FF60CFE6874
?arguments@QCoreApplication@@SA?AVQStringList@@XZ.QT5CORE ref: 00007FF60CFE687E
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FF60CFE6892
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE68E7
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FF60CFE68F5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6904
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE691B
??4QString@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE692D
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6942
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6952
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6963
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE6970
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE697E
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE699B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE69B7
?startDetached@QProcess@@SA_NAEBVQString@@AEBVQStringList@@@Z.QT5CORE ref: 00007FF60CFE69C5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE69DA
??0QChar@@QEAA@H@Z.QT5CORE ref: 00007FF60CFE6A16
??4QString@@QEAAAEAV0@VQChar@@@Z.QT5CORE ref: 00007FF60CFE6A22
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6A34
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6A56
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6A6B
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6A7B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6A8C
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE6A9C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6AAA
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6ABC
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE6ACC
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE6AEB
?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE6AF8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6B06
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6B11
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE6B39
?statusBar@QMainWindow@@QEBAPEAVQStatusBar@@XZ.QT5WIDGETS ref: 00007FF60CFE6B60
?addPermanentWidget@QStatusBar@@QEAAXPEAVQWidget@@H@Z.QT5WIDGETS ref: 00007FF60CFE6B6F
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE6BAE
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFE6BD2
?warning@QMessageBox@@SA?AW4StandardButton@1@PEAVQWidget@@AEBVQString@@1V?$QFlags@W4StandardButton@QMessageBox@@@@W421@@Z.QT5WIDGETS ref: 00007FF60CFE6BEE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6BF9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6C04
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFE6C16
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFE6C26
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FF60CFE6C45
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE6C53
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE6C75
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE6C83
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6C91
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6C9F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6CAA
?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFE6CB7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6CCA
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6CE5
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6CF5
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6D06
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6D14
?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FF60CFE6D1D
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6D6C
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6D79
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6D86
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6D93
?number@QString@@SA?AV1@HH@Z.QT5CORE ref: 00007FF60CFE6DB0
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FF60CFE6DC0
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE6DD8
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE6DEE
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFE6DFD
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60CFE6E1F
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFE6E2D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6E3B
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60CFE6E57
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FF60CFE6E61
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6E71
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6E7F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6E91
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6E9F
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6EBD
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6ECD
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6EDE
??6QDebug@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FF60CFE6EE9
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6EF9
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6F07

Part of subcall function 00007FF60D014750: ?number@QString@@SA?AV1@HH@Z.QT5CORE ref: 00007FF60D014777
Part of subcall function 00007FF60D014750: ?at@QListData@@QEBAPEAPEAXH@Z.QT5CORE ref: 00007FF60D014785
Part of subcall function 00007FF60D014750: ??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FF60D01479E
Part of subcall function 00007FF60D014750: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0147A8
Part of subcall function 00007FF60D014750: ??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60D0147B2
Part of subcall function 00007FF60D014750: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0147CA
Part of subcall function 00007FF60D014750: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D0147DF
Part of subcall function 00007FF60D014750: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D0147EE
Part of subcall function 00007FF60D014750: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D01480A
Part of subcall function 00007FF60D014750: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D014818
Part of subcall function 00007FF60D014750: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D014823
Part of subcall function 00007FF60D014750: ?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z.QT5CORE ref: 00007FF60D014838
Part of subcall function 00007FF60D014750: ?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60D014846
Part of subcall function 00007FF60D014750: ??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FF60D014853
Part of subcall function 00007FF60D014750: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D01485D
Part of subcall function 00007FF60D014750: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60D014868
Part of subcall function 00007FF60D014750: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D014873
Part of subcall function 00007FF60D014750: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D014881
Part of subcall function 00007FF60D014750: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60D01488C
Part of subcall function 00007FF60D014750: ??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FF60D01489B
Part of subcall function 00007FF60D014750: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0148B1
Part of subcall function 00007FF60D014750: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D0148C6
Part of subcall function 00007FF60D014750: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D0148D5

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6F70
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6F80
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE6F91
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFE6F9E
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6FAC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6FB7

Part of subcall function 00007FF60CFFC3B0: ?isChecked@QAbstractButton@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60CFFC3E3
Part of subcall function 00007FF60CFFC3B0: ?stop@QTimer@@QEAAXXZ.QT5CORE ref: 00007FF60CFFC3FE
Part of subcall function 00007FF60CFFC3B0: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFFC432
Part of subcall function 00007FF60CFFC3B0: ??0QIcon@@QEAA@AEBVQString@@@Z.QT5GUI ref: 00007FF60CFFC447
Part of subcall function 00007FF60CFFC3B0: ?setIcon@QAbstractButton@@QEAAXAEBVQIcon@@@Z.QT5WIDGETS ref: 00007FF60CFFC458
Part of subcall function 00007FF60CFFC3B0: ??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FF60CFFC464
Part of subcall function 00007FF60CFFC3B0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFFC4B7
Part of subcall function 00007FF60CFFC3B0: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFFC4CA
Part of subcall function 00007FF60CFFC3B0: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFFC4D8
Part of subcall function 00007FF60CFFC3B0: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFFC4E9
Part of subcall function 00007FF60CFFC3B0: ??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FF60CFFC4F9
Part of subcall function 00007FF60CFFC3B0: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFFC505

??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE6FC2
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFE6FE2
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFE6FF2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFE7003
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7011
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE701F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE702C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7039
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7046
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7054
??1QNetworkRequest@@QEAA@XZ.QT5NETWORK ref: 00007FF60CFE7062
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7070
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE707B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7086
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE7091
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE709C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE70A8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE70B6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE70C4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFE70D2

Strings

$LINE , xrefs: 00007FF60CFE4728, 00007FF60CFE48D8
SRTMiniServer (%1), xrefs: 00007FF60CFE3CD5, 00007FF60CFE6AB5, 00007FF60CFE6C0F
http://downloads.garaninapps.com/srtminiserver_win.json, xrefs: 00007FF60CFE4FCB
https://srtminiserver.com/store.html, xrefs: 00007FF60CFE362C
P8*, xrefs: 00007FF60CFE3B1B
COLORBAR_ON_DISCONNECT, xrefs: 00007FF60CFE4E7C
Remote Control, xrefs: 00007FF60CFE5319
QPushButton {border:none;padding:0;margin:0;}, xrefs: 00007FF60CFE5A03
START_LISTEN_RUN, xrefs: 00007FF60CFE66E1
http://keys3.garaninapps.com, xrefs: 00007FF60CFE35B0, 00007FF60CFE366D
QMenuBar {background-color: #222633;color: rgb(255,255,255);}QMenuBar::item {color: rgb(255,255,255);}QMenuBar::item::selected {background-color: rgb(49,49,49);}, xrefs: 00007FF60CFE4FFC
SrtCall/, xrefs: 00007FF60CFE6DCD
1onResetStreamIDS(), xrefs: 00007FF60CFE5504
Tools, xrefs: 00007FF60CFE522B
Reset Stream IDs, xrefs: 00007FF60CFE54C0
1onTestNDITriggered(), xrefs: 00007FF60CFE52DB
Test NDI Generator, xrefs: 00007FF60CFE5297
no_ndi, xrefs: 00007FF60CFE4DA4
LANG, xrefs: 00007FF60CFE4629
sdiout_auto, xrefs: 00007FF60CFE6860
2needOpenRecFolder(int), xrefs: 00007FF60CFE40A6
1onIgnoreStreamIDS(), xrefs: 00007FF60CFE5586
SDIOutAddon.exe, xrefs: 00007FF60CFE6922
..\srtminiserver\mainwindow.cpp, xrefs: 00007FF60CFE35D0
GaraninApps, xrefs: 00007FF60CFE38F5
DISPLAYED_COLORBAR_IMAGE, xrefs: 00007FF60CFE4A40, 00007FF60CFE4BAF
1onConferenceTriggered(), xrefs: 00007FF60CFE53DF
Load lines config, xrefs: 00007FF60CFE5173
:COPY, xrefs: 00007FF60CFE5A41, 00007FF60CFE5B32, 00007FF60CFE5C26
LAST_TEMP_COLORBAR_IMAGE, xrefs: 00007FF60CFE4AC4, 00007FF60CFE4C11
COLORBAR_TEXT, xrefs: 00007FF60CFE4977
Quick Actions, xrefs: 00007FF60CFE5453
Ignore Stream IDs, xrefs: 00007FF60CFE5542
1onLicPeriodCheck(), xrefs: 00007FF60CFE4364
selectedProxyServer, xrefs: 00007FF60CFE6169
NETWORK_IFACE, xrefs: 00007FF60CFE43E2
QMenu {background-color: #222633;color: rgb(255,255,255);}QMenu::item::selected {background-color: rgb(49,49,49);}, xrefs: 00007FF60CFE503C
P16*, xrefs: 00007FF60CFE3B66
1onStatTimer(), xrefs: 00007FF60CFE437D
2needSetRecFolder(int), xrefs: 00007FF60CFE40DD
Instance , xrefs: 00007FF60CFE6A2D
https://srtminiserver.com/trial-info/, xrefs: 00007FF60CFE3618
decoder, xrefs: 00007FF60CFE4465
<a style='color:white;text-decoration:none;' href='%1'><img src=:/QUESTION /></a>, xrefs: 00007FF60CFE5E6F, 00007FF60CFE600C
UDP_MULTICAST_ENABLE, xrefs: 00007FF60CFE3E67
SRTMiniServer $INSTANCE-, xrefs: 00007FF60CFE46CF, 00007FF60CFE487C
q, xrefs: 00007FF60CFE4920
timecode_maxdelay, xrefs: 00007FF60CFE67EE
(*** TRIAL ***), xrefs: 00007FF60CFE6C67
NDI_NAME_TEXT, xrefs: 00007FF60CFE47B8
1on_SetLineRecFolder(int), xrefs: 00007FF60CFE40CE
2triggered(), xrefs: 00007FF60CFE512F, 00007FF60CFE51C6, 00007FF60CFE52EA, 00007FF60CFE536C, 00007FF60CFE53EE, 00007FF60CFE5513, 00007FF60CFE5595
Save lines config, xrefs: 00007FF60CFE50DC
MAX_LINES, xrefs: 00007FF60CFE39DE
use all, xrefs: 00007FF60CFE43CA
KEYSERVER_URL: , xrefs: 00007FF60CFE359D
Copy, xrefs: 00007FF60CFE5ACE, 00007FF60CFE5BBF, 00007FF60CFE5CB3
--slide listing--, xrefs: 00007FF60CFE3DCC
line, xrefs: 00007FF60CFE6EF2
$NAME, xrefs: 00007FF60CFE4773, 00007FF60CFE492C
INSTANCE NAME:, xrefs: 00007FF60CFE6A82
tab_index, xrefs: 00007FF60CFE6314
1onRemoteControlTriggered(), xrefs: 00007FF60CFE535D
Line, xrefs: 00007FF60CFE46B8, 00007FF60CFE4865
autoconnect_proxy, xrefs: 00007FF60CFE624E
2timeout(), xrefs: 00007FF60CFE438C
cert:, xrefs: 00007FF60CFE3BEA
Conference Addon (DEPRECATED), xrefs: 00007FF60CFE539B
===try srt call start, xrefs: 00007FF60CFE6ED4
P4*, xrefs: 00007FF60CFE3AC8
Warning, xrefs: 00007FF60CFE6BC0
1onLoadConfigTriggered(), xrefs: 00007FF60CFE51B7
Config, xrefs: 00007FF60CFE506C
SRTMiniServer, xrefs: 00007FF60CFE3640, 00007FF60CFE38D6
http://core1.garaninapps.com/api/srtproxy/list, xrefs: 00007FF60CFE65AB
===SRT call autostart end, xrefs: 00007FF60CFE6FF9
ARROW_LRMODE, xrefs: 00007FF60CFE4501
===SRT call autostart, xrefs: 00007FF60CFE6CFC
:SETTINGS, xrefs: 00007FF60CFE5D1A
https://srtminiserver.com/remoteslides/, xrefs: 00007FF60CFE5DEE
6e5d8293-04a2-4b2c-a9d1-56e7f58713FF, xrefs: 00007FF60CFE324E
auto, xrefs: 00007FF60CFE6994
:/REFRESH, xrefs: 00007FF60CFE5F03
1on_OpenLineRecFolder(int), xrefs: 00007FF60CFE4090
start SDIOutAddon Addon, xrefs: 00007FF60CFE6959
Show report, xrefs: 00007FF60CFE5723
1onSaveConfigTriggered(), xrefs: 00007FF60CFE5120
https://srtminiserver.com/help/dynamic_dns.html, xrefs: 00007FF60CFE5F8B
Open logs folder, xrefs: 00007FF60CFE5668
FAIL srt call autostart err:, xrefs: 00007FF60CFE6F87
Crash reports, xrefs: 00007FF60CFE57E2
%1: %2, xrefs: 00007FF60CFE3F81
:COLOR_BAR, xrefs: 00007FF60CFE4A28, 00007FF60CFE4B2F, 00007FF60CFE4B88, 00007FF60CFE4B95
/autostart, xrefs: 00007FF60CFE6E11
Your license is not applied for this version.TRIAL mode activated., xrefs: 00007FF60CFE6B9C
Logs, xrefs: 00007FF60CFE55FA
SETTINGS:, xrefs: 00007FF60CFE398E
Change custom proxy, xrefs: 00007FF60CFE5DA7

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Object@@$Variant@@$Meta$?from$?set$Connection@$Data@$ArrayAscii_helper@Typed$String@@@$Debug@@$Array@@Byte$Widget@@$Type@$V0@@$Connection$ObjectQt@@@$Private@@Qt@@Settings@@$Base@Icon@@Impl@Slot$?connectMessageU3@@$?tr@$Cursor@@Logger@@$?add?value@V2@@$Button@@Char@@@$Action@@Flags@Utf8@$?append@AbstractBar@@V1@@$Box@@Menu@@$ComboMenu$Label@@Object@@@$?connect@Tool$?debug@Action@CursorCursor@Cursor@@@InteractionQt@@@@@Shape@TextTimer@@$Char@@Sheet@StringString@Style$?arg@Data@@Latin1ListMainWidget@@@Window@@$Bar@Flag@Icon@Icon@@@Tip@$?menuApplication@@CoreIconNetworkSize@Size@@@Window$Bool@ExternalLinks@List@@Menu@Menu@@@Name@OpenVariant@@@$?count@?insertCaseInt@Layout@@Sensitivity@V0@$$$?arguments@?dispose@?instance@?number@A@$$CurrentData@1@@FileIndex@Info@@Item@Size@@Text@Title@Widget@$?at@?exists@?single?startsAccessAttribute@Checked@Concurrency::cancel_current_taskContextFile@@List@@@List_contains@Manager@@Mode@0@@Policy@Request@@StandardStatusTimerUrl@@Value@With@mallocmemset$?begin@?clear@?click@?complete?current?default?end@?file?find?get@?object?resize@?size@?start?status?stop@?sync@?text@?trimmed@?warning@Address@@AlignmentBox@@@@Button@Button@1@ContentsDatabase@@Date@@DefaultDetached@Edit@@File@For@Format@Format@1@@GridHostItems@LineLower@Margins@MatchMemory@@Mtx_init_in_situMutex@@ParsingPermanentPrivate@@@Process@@Qt@@_RecursionReply@@Request@@@SharedShotShot@Socket@@Spacing@String@@0String@@1Suffix@Thread@@Translator@@TypeUrl@@@V0@_W421@@Widget
String ID: $LINE $ (*** TRIAL ***)$$NAME$%1: %2$--slide listing--$..\srtminiserver\mainwindow.cpp$/autostart$1onConferenceTriggered()$1onIgnoreStreamIDS()$1onLicPeriodCheck()$1onLoadConfigTriggered()$1onRemoteControlTriggered()$1onResetStreamIDS()$1onSaveConfigTriggered()$1onStatTimer()$1onTestNDITriggered()$1on_OpenLineRecFolder(int)$1on_SetLineRecFolder(int)$2needOpenRecFolder(int)$2needSetRecFolder(int)$2timeout()$2triggered()$6e5d8293-04a2-4b2c-a9d1-56e7f58713FF$:/REFRESH$:COLOR_BAR$:COPY$:SETTINGS$<a style='color:white;text-decoration:none;' href='%1'><img src=:/QUESTION /></a>$===SRT call autostart$===SRT call autostart end$===try srt call start$ARROW_LRMODE$COLORBAR_ON_DISCONNECT$COLORBAR_TEXT$Change custom proxy$Conference Addon (DEPRECATED)$Config$Copy$Crash reports$DISPLAYED_COLORBAR_IMAGE$FAIL srt call autostart err:$GaraninApps$INSTANCE NAME:$Ignore Stream IDs$Instance $KEYSERVER_URL: $LANG$LAST_TEMP_COLORBAR_IMAGE$Line$Load lines config$Logs$MAX_LINES$NDI_NAME_TEXT$NETWORK_IFACE$Open logs folder$P16*$P4*$P8*$QMenu {background-color: #222633;color: rgb(255,255,255);}QMenu::item::selected {background-color: rgb(49,49,49);}$QMenuBar {background-color: #222633;color: rgb(255,255,255);}QMenuBar::item {color: rgb(255,255,255);}QMenuBar::item::selected {background-color: rgb(49,49,49);}$QPushButton {border:none;padding:0;margin:0;}$Quick Actions$Remote Control$Reset Stream IDs$SDIOutAddon.exe$SETTINGS:$SRTMiniServer$SRTMiniServer $INSTANCE-$SRTMiniServer (%1)$START_LISTEN_RUN$Save lines config$Show report$SrtCall/$Test NDI Generator$Tools$UDP_MULTICAST_ENABLE$Warning$Your license is not applied for this version.TRIAL mode activated.$auto$autoconnect_proxy$cert:$decoder$http://core1.garaninapps.com/api/srtproxy/list$http://downloads.garaninapps.com/srtminiserver_win.json$http://keys3.garaninapps.com$https://srtminiserver.com/help/dynamic_dns.html$https://srtminiserver.com/remoteslides/$https://srtminiserver.com/store.html$https://srtminiserver.com/trial-info/$line$no_ndi$q$sdiout_auto$selectedProxyServer$start SDIOutAddon Addon$tab_index$timecode_maxdelay$use all
API String ID: 552701702-3172525486
Opcode ID: 04ce73a3a9553217067a4bb4fc63d951873e417e81099f7da245ddf6189cd592
Instruction ID: 56600de6eaea4e1db26c4447332d0701f90b9697c8e89c531fc2071faac54840
Opcode Fuzzy Hash: 04ce73a3a9553217067a4bb4fc63d951873e417e81099f7da245ddf6189cd592
Instruction Fuzzy Hash: 9F832D32A05B82DAEB20DF20E8542ED3361FB85749FA15231D68F87668EF7CD649C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D004110 Relevance: 808.8, APIs: 411, Strings: 50, Instructions: 2059
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?objectName@QObject@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60D00413A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00414C
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004166
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004173
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00417F
?resize@QWidget@@QEAAXHH@Z.QT5WIDGETS ref: 00007FF60D004191
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0041A9
?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D0041B6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0041C2
??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0041E3
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004213
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004220
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00422C
??0QVBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00424A
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004271
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D00428E
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0042A6
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0042B4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0042C0
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D0042DE
??0QTabWidget@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0042FC
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00432D
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00433B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004347
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D00435D
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D00436A
?setTabShape@QTabWidget@@QEAAXW4TabShape@1@@Z.QT5WIDGETS ref: 00007FF60D004376

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004396
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0043B9
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0043C7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0043D3
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0043EB
?setAccessibleName@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D0043F9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004405
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00441D
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D00442B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004437

Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D076854
Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D07685A

??0QVBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D004456
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D00446F
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D00448C
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0044A4
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0044B2
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0044BE
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0044E0
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004511
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00451F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00452B
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00453A
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00454E
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D004569
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004590
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0045A8
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0045B6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0045C2
??0QLineEdit@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0045E1
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004612
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004620
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00462C
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D00463F
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D00464C
?setReadOnly@QLineEdit@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D004658
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00466C
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00468B
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0046BC
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0046CA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0046D6
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D0046EA
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D0046F7
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00470B
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D00471C
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D00474C
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D004772
?addTab@QTabWidget@@QEAAHPEAVQWidget@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D004784
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004790
??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0047B0
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0047E1
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0047EF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0047FB
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004813
?setAccessibleName@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D004821
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00482D
??0QVBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00484C
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004865
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D004882
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00489A
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0048A8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0048B4
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D0048CF
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D0048F6
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00490E
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00491C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004928
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D004958
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004995
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0049C6
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0049D4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0049E0
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0049EF
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004A03
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D004A33
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D004A5F
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D004A7A
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004AA4
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004ABC
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004ACD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004AD9
??0QLineEdit@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D004AF8
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004B1E
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004B2F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004B3B
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D004B55
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004B64
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004B73
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D004B85
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D004B8E
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D004B9E
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D004BB1
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D004BC4
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D004BD4
?setReadOnly@QLineEdit@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D004BE3
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004BFD
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D004C1C
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004C50
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004C61
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004C6D
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D004C81
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D004C91
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004CAB
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D004CBF
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D004CDA
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004D04
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004D1C
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004D2D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004D39
??0QCheckBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D004D58
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004D8C
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004D9D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004DA9
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004DC3
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004DE5
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004E19
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004E2A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004E36
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D004E50
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004E5F
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004E6E
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D004E80
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D004E89
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D004E99
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D004EAC
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D004EBF
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D004ECF
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D004EE9
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D004F19
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D004F4E
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D004F69
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D004F93
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D004FAB
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D004FBC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D004FC8
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D004FF8
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00503B
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00506F
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005080
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00508C
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0050A6
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0050C8
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0050FC
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00510D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005119
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005133
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D005147
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D005152
?addTab@QTabWidget@@QEAAHPEAVQWidget@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D005164
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005170
??0QWidget@@QEAA@PEAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005190
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0051C4
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0051D5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0051E1
??0QVBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005203
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D00521F
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D00523F
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005257
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005268
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005274
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D00528F
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D0052B9
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0052D1
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0052E2
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0052EE
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D00531E
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005364
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005398
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0053A9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0053B5
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0053C7
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0053E1
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D005411
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D005449
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D005464
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005480
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005498
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0054A9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0054B5
??0QComboBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0054D7
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00550B
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00551C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005528
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005542
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005567
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00559B
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0055AC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0055B8
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D0055CA
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D0055D3
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D0055E3
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D0055F6
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00560E
?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D00561F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00562B
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00563D
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005657
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005679
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0056AD
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0056BE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0056CA
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D0056E2
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D0056EF
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D0056FC
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D00570E
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D005717
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D005725
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D005736
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005750
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005772
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0057A6
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0057B7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0057C3
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D0057D7
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D0057E7
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005801
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D005818
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D005847
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D005883
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D0058AD
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0058C5
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0058D6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0058E2
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005907
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00593B
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00594C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005958
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D005971
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005980
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D00598F
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D0059A1
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D0059AA
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D0059BA
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D0059CD
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0059DF
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0059F9
??0QCheckBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005A1B
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005A40
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005A51
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005A5C
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D005A72
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005A7F
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005A8C
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D005A9E
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D005AA7
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D005AB5
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D005AC6
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D005ADC
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D005AEC
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005B06
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D005B36
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005B79
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005BAC
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005BBD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005BC8
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005BDF
?setText@QAbstractButton@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D005BF0
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005BFB
?setCheckable@QAbstractButton@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D005C0A
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005C24
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D005C3B
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D005C69
??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D005C94
?addTab@QTabWidget@@QEAAHPEAVQWidget@@AEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D005CA9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005CB4
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005CC8
??0QGridLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D005CE3
?setSpacing@QGridLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005D0D
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005D24
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005D35
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005D40
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D005D54
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D005D84
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D005DBD
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D005DE7
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005DFE
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005E0F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005E1A
??0QComboBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005E38
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005E5D
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005E6E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005E79
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D005E8B
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D005E9B
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005EB5
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005ED5
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005F08
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005F19
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005F24
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D005F36
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D005F46
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D005F60
??0QComboBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D005F7D
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D005FA2
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D005FB3
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D005FBE
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D005FD0
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D005FE0
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D005FF6
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D006006
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D006020
??0QPushButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00603E
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D006063
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D006074
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00607F
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D006091
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D00609A
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D0060AA
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D0060BD
??0QCursor@@QEAA@W4CursorShape@Qt@@@Z.QT5GUI ref: 00007FF60D0060CC
?setCursor@QWidget@@QEAAXAEBVQCursor@@@Z.QT5WIDGETS ref: 00007FF60D0060DD
??1QCursor@@QEAA@XZ.QT5GUI ref: 00007FF60D0060E8
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0060FF
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D006110
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00611B
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D006135
??0QHBoxLayout@@QEAA@XZ.QT5WIDGETS ref: 00007FF60D006150
?setSpacing@QBoxLayout@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D006177
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00618E
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00619F
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0061AA
?setSizeConstraint@QLayout@@QEAAXW4SizeConstraint@1@@Z.QT5WIDGETS ref: 00007FF60D0061BC
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D0061DC
??0QRadioButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0061FA
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00622D
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D00623E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D006249
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D00625B
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D006264
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D006274
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D006287
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D00629E
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D0062AF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0062BA
?setChecked@QAbstractButton@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D0062C9
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0062E3
??0QRadioButton@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D006301
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D006326
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D006337
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D006342
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D006353
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D00635C
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D00636C
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D00637F
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D006396
?setStyleSheet@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D0063A7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0063B2
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0063CC
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D0063E3
??0QSpacerItem@@QEAA@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS ref: 00007FF60D006413
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D006455
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D006488
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D006499
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0064A4
?setAlignment@QLabel@@QEAAXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0064B6
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D0064D0
??0QComboBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0064EE
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D006513
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D006524
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D00652F
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D006545
?setMaximumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D006555
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D00656F
?addLayout@QBoxLayout@@QEAAXPEAVQLayout@@H@Z.QT5WIDGETS ref: 00007FF60D006583
?setCentralWidget@QMainWindow@@QEAAXPEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D00658F
??0QStatusBar@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D0065AD
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0065E0
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0065F1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0065FC
??0QSizePolicy@@QEAA@W4Policy@0@0W4ControlType@0@@Z.QT5WIDGETS ref: 00007FF60D006614
?setHorizontalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D006621
?setVerticalStretch@QSizePolicy@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D00662E
?sizePolicy@QWidget@@QEBA?AVQSizePolicy@@XZ.QT5WIDGETS ref: 00007FF60D006640
?hasHeightForWidth@QSizePolicy@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60D006649
?setHeightForWidth@QSizePolicy@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D006657
?setSizePolicy@QWidget@@QEAAXVQSizePolicy@@@Z.QT5WIDGETS ref: 00007FF60D006668
?setStatusBar@QMainWindow@@QEAAXPEAVQStatusBar@@@Z.QT5WIDGETS ref: 00007FF60D006678
??0QToolBar@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D006696
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D0066C9
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D0066DA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0066E5
?setMovable@QToolBar@@QEAAX_N@Z.QT5WIDGETS ref: 00007FF60D0066F4
?setOrientation@QToolBar@@QEAAXW4Orientation@Qt@@@Z.QT5WIDGETS ref: 00007FF60D006706
?addToolBar@QMainWindow@@QEAAXW4ToolBarArea@Qt@@PEAVQToolBar@@@Z.QT5WIDGETS ref: 00007FF60D00671B

Part of subcall function 00007FF60D002850: ?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002882
Part of subcall function 00007FF60D002850: ?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002890
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D00289B
Part of subcall function 00007FF60D002850: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0028A5
Part of subcall function 00007FF60D002850: ?setText@QAbstractButton@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0028B3
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0028BE
Part of subcall function 00007FF60D002850: ?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0028E1
Part of subcall function 00007FF60D002850: ?indexOf@QTabWidget@@QEBAHPEAVQWidget@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0028F2
Part of subcall function 00007FF60D002850: ?setTabText@QTabWidget@@QEAAXHAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002901
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D00290C
Part of subcall function 00007FF60D002850: ?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D00292F
Part of subcall function 00007FF60D002850: ?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D00293D
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002948
Part of subcall function 00007FF60D002850: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002952
Part of subcall function 00007FF60D002850: ?setText@QAbstractButton@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002963
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D00296E
Part of subcall function 00007FF60D002850: ?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002991
Part of subcall function 00007FF60D002850: ?setText@QAbstractButton@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029A2
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029AD
Part of subcall function 00007FF60D002850: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029B7
Part of subcall function 00007FF60D002850: ?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029C8
Part of subcall function 00007FF60D002850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029D3
Part of subcall function 00007FF60D002850: ?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D0029F6
Part of subcall function 00007FF60D002850: ?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS(?,?,?,?,?,00007FF60D00672C), ref: 00007FF60D002A07

?setCurrentIndex@QTabWidget@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60D006732
?connectSlotsByName@QMetaObject@@SAXPEAVQObject@@@Z.QT5CORE ref: 00007FF60D00673B

Strings

label_3, xrefs: 00007FF60D00647D
verticalLayout_2, xrefs: 00007FF60D00488E
rbUD, xrefs: 00007FF60D00631B
cmdCopyPA, xrefs: 00007FF60D00579A
lblHelpBottomLinesName, xrefs: 00007FF60D005EFD
label_2, xrefs: 00007FF60D004505
cmdCopyINT, xrefs: 00007FF60D004C44
cbxWindows, xrefs: 00007FF60D005F97
lblEasyWay, xrefs: 00007FF60D005063
MainWindow, xrefs: 00007FF60D00415A, 00007FF60D00419D
horizontalLayout_7, xrefs: 00007FF60D00548C
mainToolBar, xrefs: 00007FF60D0066BE
tab, xrefs: 00007FF60D0043AD, 00007FF60D0043DF
horizontalLayout_6, xrefs: 00007FF60D004D10
ckbAutoConnectProxy, xrefs: 00007FF60D005A35
forConnectFromLocalNetworkLineEdit, xrefs: 00007FF60D004606
verticalLayout, xrefs: 00007FF60D00429A
horizontalLayout_2, xrefs: 00007FF60D004F9F
tab_3, xrefs: 00007FF60D0051B8
lblProxyAddon, xrefs: 00007FF60D0050F0
lblHelpDynDNS, xrefs: 00007FF60D004E0D
lblProxyConditions, xrefs: 00007FF60D00538C
gridLayout, xrefs: 00007FF60D005D19
horizontalLayout_5, xrefs: 00007FF60D004902
pbRefreshWindows, xrefs: 00007FF60D006058
cbProxyServer, xrefs: 00007FF60D0054FF
centralWidget, xrefs: 00007FF60D004207
horizontalLayout_8, xrefs: 00007FF60D0058B9
rbLR, xrefs: 00007FF60D006222
statusBar, xrefs: 00007FF60D0065D5
cmdCopyLOC, xrefs: 00007FF60D0046B0
lblPublicAddress, xrefs: 00007FF60D00558F
cbxLinesNames, xrefs: 00007FF60D005E52
horizontalLayout_3, xrefs: 00007FF60D004AB0
ckbShowDynDNS, xrefs: 00007FF60D004D80
cbxDecoders, xrefs: 00007FF60D006508
border:none;, xrefs: 00007FF60D0060F4
lblAutoStart, xrefs: 00007FF60D00592F
verticalLayout_3, xrefs: 00007FF60D004498
horizontalLayout_9, xrefs: 00007FF60D0052C5
lblNetConditions, xrefs: 00007FF60D0049BA
verticalLayout_4, xrefs: 00007FF60D00524B
tab_2, xrefs: 00007FF60D0047D5, 00007FF60D004807
tabWidget, xrefs: 00007FF60D004321
boxRbArrowsMode, xrefs: 00007FF60D006183
horizontalLayout_4, xrefs: 00007FF60D00459C
cmdConnectProxy, xrefs: 00007FF60D005BA1
pbCustomProxy, xrefs: 00007FF60D0056A1
horizontalLayout, xrefs: 00007FF60D005DF3
forConnectFromINTERNETLineEdit, xrefs: 00007FF60D004B12

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: ?set$String@@$Widget@@$Layout@@$Size$String@@@$?fromUtf8@$Name@$Object@@$Object$Policy@@$Flags@Qt@@@@@$?add$AlignmentFlag@$Policy@$Widget@$Widget@@@$Label@@$HeightWidth@$Spacing@Window$Button@@Type@$Size@Size@@Size@@@$Item@@Policy@@0@SpacerStretch@$Layout@$?has?sizePolicy@@@Text@$Maximum$AbstractAlignment@Array@@Box@@ByteContentsControlHorizontalMargins@MinimumPolicy@0@0PushToolType@0@@Vertical$?translate@Application@@Core$Bar@@ComboEdit@@LineSheet@Style$MainStatusTab@Window@@$AccessibleBar@Bar@@@CheckConcurrency::cancel_current_taskCursor@@GridOnly@Orientation@Qt@@@RadioReadShape@$?connect?index?object?resize@Area@CentralCheckable@Checked@Constraint@Constraint@1@@CurrentCursorCursor@Cursor@@@Index@MetaMovable@Object@@@Qt@@Shape@1@@SlotsTitle@malloc
String ID: MainWindow$border:none;$boxRbArrowsMode$cbProxyServer$cbxDecoders$cbxLinesNames$cbxWindows$centralWidget$ckbAutoConnectProxy$ckbShowDynDNS$cmdConnectProxy$cmdCopyINT$cmdCopyLOC$cmdCopyPA$forConnectFromINTERNETLineEdit$forConnectFromLocalNetworkLineEdit$gridLayout$horizontalLayout$horizontalLayout_2$horizontalLayout_3$horizontalLayout_4$horizontalLayout_5$horizontalLayout_6$horizontalLayout_7$horizontalLayout_8$horizontalLayout_9$label_2$label_3$lblAutoStart$lblEasyWay$lblHelpBottomLinesName$lblHelpDynDNS$lblNetConditions$lblProxyAddon$lblProxyConditions$lblPublicAddress$mainToolBar$pbCustomProxy$pbRefreshWindows$rbLR$rbUD$statusBar$tab$tabWidget$tab_2$tab_3$verticalLayout$verticalLayout_2$verticalLayout_3$verticalLayout_4
API String ID: 27468836-3545281026
Opcode ID: 0a21d3f53fd1e6b06b6dcc8b5a66817b89151b5d886acc79f06f27fe731a1966
Instruction ID: c6d68533bc86384f963f33fe8277876e619033a7f49a9d8e9b80f418ba9dd49a
Opcode Fuzzy Hash: 0a21d3f53fd1e6b06b6dcc8b5a66817b89151b5d886acc79f06f27fe731a1966
Instruction Fuzzy Hash: 43332C31A14E4296EB509F21F8546AE7360FF89B85FA05235DA9F83768EF7CE508C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F6B00 Relevance: 152.7, APIs: 72, Strings: 15, Instructions: 470
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFDF62F8500: memset.VCRUNTIME140 ref: 00007FFDF62F8545
Part of subcall function 00007FFDF62F8500: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?), ref: 00007FFDF62F8712
Part of subcall function 00007FFDF62F8500: ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F871D
Part of subcall function 00007FFDF62F8500: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F872F
Part of subcall function 00007FFDF62F8500: ?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF62F873A
Part of subcall function 00007FFDF62F8500: ?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF62F874F
Part of subcall function 00007FFDF62F8500: ??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF62F8758

CreateFontIndirectW.GDI32 ref: 00007FFDF62F6BAE
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6BCA
SelectObject.GDI32 ref: 00007FFDF62F6BE5
GetTextMetricsW.GDI32 ref: 00007FFDF62F6BFC
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6C14
SelectObject.GDI32 ref: 00007FFDF62F6C46
DeleteObject.GDI32 ref: 00007FFDF62F6C4F
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?), ref: 00007FFDF62F6C7A
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF62F6C99
?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF62F6CAD
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62F6CC4
memmove.VCRUNTIME140 ref: 00007FFDF62F6CD4
CreateFontIndirectW.GDI32 ref: 00007FFDF62F6CE3
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6CFF
SelectObject.GDI32 ref: 00007FFDF62F6D17
?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF62F6D62
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F6E23
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62F6E4B
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F6E59
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6E69
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F6E75
??6QDebug@@QEAAAEAV0@N@Z.QT5CORE ref: 00007FFDF62F6E83
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6E93
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6EA3
?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AEAV1@HPEBUQMetaObject@@PEBD@Z.QT5CORE ref: 00007FFDF62F6ED4
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6EDF
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6EF1
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62F6EFE
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62F6F0B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6F1B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F6F2B
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62F6F38
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6F43
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6F4E
GetTextFaceW.GDI32 ref: 00007FFDF62F6F95
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62F6FA2
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62F6FB0
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62F6FE7
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62F6FF4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6FFF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7036
?qt_error_string@@YA?AVQString@@H@Z.QT5CORE ref: 00007FFDF62F706A
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF62F707C
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F7089
?noquote@QDebug@@QEAAAEAV1@XZ.QT5CORE ref: 00007FFDF62F7092
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F70A9
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F70B7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F70C7
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F70EE
??0QDebugStateSaver@@QEAA@AEAVQDebug@@@Z.QT5CORE ref: 00007FFDF62F7109
?noquote@QDebug@@QEAAAEAV1@XZ.QT5CORE ref: 00007FFDF62F711D
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62F7130
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F7145
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F7151
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F7161
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62F716D
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F717D
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62F7189
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F7194
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F719F
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF62F71B7
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F71C2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F71D4
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62F71E0
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F71EB
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F71F5
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F71FF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F720A
SelectObject.GDI32 ref: 00007FFDF62F721E
DeleteObject.GDI32 ref: 00007FFDF62F7227
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7232
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F723D

Strings

HintingPreference, xrefs: 00007FFDF62F6EC1
QWindowsFontDatabase::createEngine, xrefs: 00007FFDF62F6BBC, 00007FFDF62F6C06, 00007FFDF62F6CF1, 00007FFDF62F6E62
useDirectWrite=, xrefs: 00007FFDF62F6F24
dpi, xrefs: 00007FFDF62F6F14
, lfHeight=, xrefs: 00007FFDF62F7176
%s: CreateFontIndirect failed, xrefs: 00007FFDF62F6BC3, 00007FFDF62F6CF8
LOGFONT(", xrefs: 00007FFDF62F7136
dpi=, xrefs: 00007FFDF62F71C8
DirectWrite: CreateFontFaceFromHDC() failed (, xrefs: 00007FFDF62F709B
) for , xrefs: 00007FFDF62F70C0
hintingPreference=, xrefs: 00007FFDF62F6E9C
MingLiU, xrefs: 00007FFDF62F6D3F
color=, xrefs: 00007FFDF62F6EE5
", lfWidth=, xrefs: 00007FFDF62F715A
%s: GetTextMetrics failed, xrefs: 00007FFDF62F6C0D

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$Object$Array@@ByteV0@@$Logger@@MessageSelect$?fromArray@CharDebugErrnoString@@@Warning@@$?length@?noquote@CreateDeleteFontIndirectMetaSaver@@StateTextV0@_$??8@?debug@?qt_?qt_error_string@@?starts?utf16@?warning@Bit@CaseCategory@@Debug@@@Empty@Enabled@Enum_debugFaceH00@Latin1Local8LoggingMetricsObject@@Operator@@Qt@@@Sensitivity@String@@0@Url@@V0@$$With@memmovememset
String ID: dpi=$", lfWidth=$%s: CreateFontIndirect failed$%s: GetTextMetrics failed$) for $, lfHeight=$DirectWrite: CreateFontFaceFromHDC() failed ($HintingPreference$LOGFONT("$MingLiU$QWindowsFontDatabase::createEngine$color=$dpi$hintingPreference=$useDirectWrite=
API String ID: 3429225515-4042161376
Opcode ID: dcc417a218691e34dadace363d8066e011207729225f42727b1cbd70fcc039a8
Instruction ID: 0589f725e9b7bcfe40d59fa0ad90f2cd2ccf7fadb0dec66a7266eece7c732aa5
Opcode Fuzzy Hash: dcc417a218691e34dadace363d8066e011207729225f42727b1cbd70fcc039a8
Instruction Fuzzy Hash: 68326F22B08A4286EB10AF75E8649E963B4FF84B84F558131DA5E43FADEF3CD549C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EFE40 Relevance: 140.6, APIs: 69, Strings: 11, Instructions: 557
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

??0QDaemonThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE5F

Part of subcall function 00007FFDF66EE5B0: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,00000000,00007FFDF66EFE88,?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EE5E6

?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE8F
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE9A
?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEA0
?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEAD
?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEBA
?start@QThread@@QEAAXW4Priority@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEC9
?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66F0B45
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFDF66F0B78
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z.QT5CORE ref: 00007FFDF66F0B88
?qEnvironmentVariableIntValue@@YAHPEBDPEA_N@Z.QT5CORE ref: 00007FFDF66F0BB8
?keyMap@QFactoryLoader@@QEBA?AV?$QMultiMap@HVQString@@@@XZ.QT5CORE ref: 00007FFDF66F0BD4
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66F0C21
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0C52
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF66F0C70
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0C80
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0C98
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66F0CB7
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0CDC
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0CEC
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66F0D16
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0D67
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66F0D75
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0D82
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66F0D9A
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66F0DB1
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F0DBE
?indexOf@QFactoryLoader@@QEBAHAEBVQString@@@Z.QT5CORE ref: 00007FFDF66F0DD1
?instance@QFactoryLoader@@QEBAPEAVQObject@@H@Z.QT5CORE ref: 00007FFDF66F0DE1
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z.QT5CORE ref: 00007FFDF66F0DF1
??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF66F0E50
?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE ref: 00007FFDF66F0E74
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66F0E9F
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0EA9
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66F0ED4
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0EDE
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66F0F09
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0F13
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66F0F3E
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0F48
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ.QT5CORE ref: 00007FFDF66F0F56
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0FF7
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66F1005
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F103E
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z.QT5CORE ref: 00007FFDF66F106D
?freeData@QMapDataBase@@SAXPEAU1@@Z.QT5CORE ref: 00007FFDF66F1076
?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFDF66F1084
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z.QT5CORE ref: 00007FFDF66F1094
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFDF66F1145
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F114F
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F115D
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F116B
memcpy.VCRUNTIME140 ref: 00007FFDF66F1190
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66F1199
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F11A4
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F11B2
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F11EF
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F1208
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F1221
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F123A
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F1253
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F126C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F1285
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F129E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F12B7
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F12D0
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66F1348
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66F1383
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66F138D

Strings

2configurationChanged(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0F30
1configurationAdded(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0EAF
1configurationRemoved(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0EE4
initialize, xrefs: 00007FFDF66F133E
QT_EXCLUDE_GENERIC_BEARER, xrefs: 00007FFDF66F0BA6
2configurationRemoved(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0EFB
1updateConfigurations(), xrefs: 00007FFDF66F0E7A
2updateCompleted(), xrefs: 00007FFDF66F0E91
1configurationChanged(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0F19
generic, xrefs: 00007FFDF66F0E23
2configurationAdded(QNetworkConfigurationPrivatePointer), xrefs: 00007FFDF66F0EC6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Data@@List$Meta$Generic$Argument@@Return$?begin@Connection@$ByteString@@$Array@@ConnectionQt@@@Type@$?connect@Base@@Thread@V0@@$?cast@?dispose@?end@?moveDataData@1@@FactoryLoader@@String@@@Thread@@Thread@@@V2@@$?free?sender@?unlock@Data@1@Locker@@Map@MutexNodePrivate@@String$?append@?detach@?detach_grow@?index?instance@?invoke?key?lock@?main?next?set?start@ApplicationArgument@@333333333@ArrayCaseCoreDaemonData@EnvironmentLatin1List@@List_contains@Method@MultiMutex@@Name@Node@ObjectObject@@@Priority@1@@Ptr@@@Qt@@Sensitivity@String@@@@Tree@U1@@Value@@Variablemallocmemcpy
String ID: 1configurationAdded(QNetworkConfigurationPrivatePointer)$1configurationChanged(QNetworkConfigurationPrivatePointer)$1configurationRemoved(QNetworkConfigurationPrivatePointer)$1updateConfigurations()$2configurationAdded(QNetworkConfigurationPrivatePointer)$2configurationChanged(QNetworkConfigurationPrivatePointer)$2configurationRemoved(QNetworkConfigurationPrivatePointer)$2updateCompleted()$QT_EXCLUDE_GENERIC_BEARER$generic$initialize
API String ID: 2893259685-3116662586
Opcode ID: e5b3ccdbb102bd0099cbdfc0bb5653ac2f42c5fd28705bc2e53c26da7d95626b
Instruction ID: 80ea41c98e2ff066a256d588d26772d902d477744d4c36bf0c90d97ec87ca3c4
Opcode Fuzzy Hash: e5b3ccdbb102bd0099cbdfc0bb5653ac2f42c5fd28705bc2e53c26da7d95626b
Instruction Fuzzy Hash: DD526232B08A8695EB108F25E8746B97368FF44B94F444171DA1E07EE8EF3CD986C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629CDA0 Relevance: 122.8, APIs: 61, Strings: 9, Instructions: 337
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ.QT5GUI ref: 00007FFDF629CDC6
??0QPlatformWindow@@QEAA@PEAVQWindow@@@Z.QT5GUI ref: 00007FFDF629CDE6
GetDesktopWindow.USER32 ref: 00007FFDF629CDF6
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF629CE30
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629CE3E
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629CE4E
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF629CE7C
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF629CE8C
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF629CE9C
??6QDebug@@QEAAAEAV0@_K@Z.QT5CORE ref: 00007FFDF629CEA8
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF629CEB8
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF629CEC8
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF629CEF8
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629CF03
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629CF0E
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629CF19
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF629CE08

Part of subcall function 00007FFDF62A1690: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF62914BE), ref: 00007FFDF62A16EC
Part of subcall function 00007FFDF62A1690: _Init_thread_footer.LIBCMT ref: 00007FFDF62A1705

?flags@QWindow@@QEBA?AV?$QFlags@W4WindowType@Qt@@@@XZ.QT5GUI ref: 00007FFDF629CF5D
?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFDF629CF6F
?scaleAndOrigin@QHighDpiScaling@@SA?AUScaleAndOrigin@1@PEBVQWindow@@PEAVQPoint@@@Z.QT5GUI ref: 00007FFDF629CF82
?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF629CFBB
?userType@QVariant@@QEBAHXZ.QT5CORE ref: 00007FFDF629CFD7
?constData@QVariant@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF629CFE6
?title@QWindow@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFDF629D023
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629D07E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629D08B
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF629D099
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF629D0C4
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629D0D2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629D0E9
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF629D0F4

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Strings

frame incl.=, xrefs: 00007FFDF629D151
QWindowsIntegration::createPlatformWindow, xrefs: 00007FFDF629D0D8
Desktop window:, xrefs: 00007FFDF629CE47
Requested: , xrefs: 00007FFDF629D11A
margins=, xrefs: 00007FFDF629D207
WindowType, xrefs: 00007FFDF629D175
_q_windowsCustomMargins, xrefs: 00007FFDF629CFA8
Obtained : , xrefs: 00007FFDF629D1D6
handle=, xrefs: 00007FFDF629D233

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Window@@$Logger@@MessageStream@@TextV1@@$Category@@LoggingString@@Type@Variant@@Window$??6@?debug@DebugEnabled@H00@Window@@@$?const?flags@?geometry@?property@?scale?title@?type@?userData@DesktopFlags@HighInit_thread_footerObject@@Origin@Origin@1@PlatformPoint@@@Qt@@Qt@@@@Rect@@Rect@@@ScaleScaling@@V0@_malloc
String ID: Obtained : $ Requested: $ frame incl.=$ handle=$ margins=$Desktop window:$QWindowsIntegration::createPlatformWindow$WindowType$_q_windowsCustomMargins
API String ID: 3378367475-792223184
Opcode ID: 964648a10685d754689c75a22564bc0b0829a1da5981d5f4793b8a769884a764
Instruction ID: df9fe5f31c973befe8baee02f5b8822ab7d1ab27374c5c0202fb1f26fe2eede1
Opcode Fuzzy Hash: 964648a10685d754689c75a22564bc0b0829a1da5981d5f4793b8a769884a764
Instruction Fuzzy Hash: 94024E32B08B4686EB10AF64E8645E873B4FB94B95F458131DA5E43FA9EF3CD549C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67083E0 Relevance: 98.5, APIs: 54, Strings: 2, Instructions: 524
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF6708452
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF67084A4
GetAdaptersAddresses.IPHLPAPI ref: 00007FFDF67084C5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF67084D5
??0QSharedData@@QEAA@XZ.QT5CORE ref: 00007FFDF67085A1
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67085BB
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67085C5
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67085CF
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670860A
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF6708623
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6708631
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6708645
memcpy.VCRUNTIME140 ref: 00007FFDF670866A
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670867D
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670868B
memcpy.VCRUNTIME140 ref: 00007FFDF67086B9
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF67086D8
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF67086E3
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF67086FF

Strings

, xrefs: 00007FFDF670874D
Got unknown socket family %d, xrefs: 00007FFDF67089AD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@$List$?begin@$String@@$?dispose@Data@1@@memcpy$?append@?detach_grow@?end@AdaptersAddressesData@1@Sharedfreemalloc
String ID: $Got unknown socket family %d
API String ID: 3909885361-1948063521
Opcode ID: cc49d97b066f84b7a56e5b31922028aa9d1808e669f827b588908a4d531b1ee0
Instruction ID: 46364dcdb1d734419aede4ed89829d702369eb8548f04e3f2a6cbd6420d5b81b
Opcode Fuzzy Hash: cc49d97b066f84b7a56e5b31922028aa9d1808e669f827b588908a4d531b1ee0
Instruction Fuzzy Hash: 10427032B19A8296EB509F25E870AB97368FB84B54F444235DA6E47EDCEF3CD845C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A1C30 Relevance: 94.8, APIs: 44, Strings: 10, Instructions: 276
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FFDF62A1C88
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62A1C9F
GetClassInfoW.USER32 ref: 00007FFDF62A1CAF
?createUuid@QUuid@@SA?AV1@XZ.QT5CORE ref: 00007FFDF62A1CDF
?toString@QUuid@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF62A1CED
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FFDF62A1CF9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1D04
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62A1D21
LoadImageW.USER32 ref: 00007FFDF62A1D98
GetSystemMetrics.USER32 ref: 00007FFDF62A1DAB
GetSystemMetrics.USER32 ref: 00007FFDF62A1DB7
LoadImageW.USER32 ref: 00007FFDF62A1DD7
LoadImageW.USER32 ref: 00007FFDF62A1DFE
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62A1E19
RegisterClassExW.USER32 ref: 00007FFDF62A1E28
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF62A1E3F
??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF62A1E48
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62A1E58
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1E63
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFDF62A1E99
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF62A1ECA
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62A1EDE
?rehash@QHashData@@QEAAXH@Z.QT5CORE ref: 00007FFDF62A1F10
?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFDF62A1F31
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62A1F4B
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A1F63
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62A1F8B
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A1F99
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A1FB0
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62A1FBB
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62A1FC7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A1FD7
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF62A1FE7
??6QDebug@@QEAAAEAV0@K@Z.QT5CORE ref: 00007FFDF62A1FF4
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF62A2004
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2014
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62A2022
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2032
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62A2040
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2050
??6QDebug@@QEAAAEAV0@G@Z.QT5CORE ref: 00007FFDF62A205D
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A2068
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62A2074
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A207D

Strings

IDI_ICON1, xrefs: 00007FFDF62A1D8E, 00007FFDF62A1DCD
OpenGLDummyWindow, xrefs: 00007FFDF62A1C33
@, xrefs: 00007FFDF62A1D7A
atom=, xrefs: 00007FFDF62A2049
style=0x, xrefs: 00007FFDF62A1FD0
brush=, xrefs: 00007FFDF62A200D
QWindowsContext::registerWindowClass, xrefs: 00007FFDF62A1F9F
P, xrefs: 00007FFDF62A1D50
QApplication::regClass: Registering window class '%s' failed., xrefs: 00007FFDF62A1E51
icon=, xrefs: 00007FFDF62A202B

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$Array@@Byte$Data@@Hash$ImageLoadV1@@$?utf16@ClassHash@@Logger@@MessageMetricsStream@@SystemTextUuid@@V0@@$?allocate?append@?create?debug@?detach_helper@?free_helper@?rehash@A@$$Bit@Category@@DebugEnabled@ErrnoH00@HandleInfoLocal8LoggingModuleNode@Node@1@Node@1@@RegisterString@String@@@Uuid@V0@_Warning@@
String ID: atom=$ brush=$ icon=$ style=0x$@$IDI_ICON1$OpenGLDummyWindow$P$QApplication::regClass: Registering window class '%s' failed.$QWindowsContext::registerWindowClass
API String ID: 2943025083-357600035
Opcode ID: 6b22b87744d534e83682f18f5c680bb724feed060eb5963be1a8358b573c1f65
Instruction ID: 7b74749601eedd34955a35f10a4792621d84839cf79b604781234c10e3d88179
Opcode Fuzzy Hash: 6b22b87744d534e83682f18f5c680bb724feed060eb5963be1a8358b573c1f65
Instruction Fuzzy Hash: 31D18F36B08B4287EB10AF61E8649A977E9FB84B94F458135DA6E47FA8DF3CD444C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6291780 Relevance: 93.1, APIs: 52, Strings: 1, Instructions: 364
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0QPlatformWindow@@QEAA@PEAVQWindow@@@Z.QT5GUI ref: 00007FFDF629179D

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

?requestedFormat@QWindow@@QEBA?AVQSurfaceFormat@@XZ.QT5GUI ref: 00007FFDF6291849

Part of subcall function 00007FFDF629EE80: ?rehash@QHashData@@QEAAXH@Z.QT5CORE ref: 00007FFDF629EF17
Part of subcall function 00007FFDF629EE80: ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFDF629EF63

?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ.QT5GUI ref: 00007FFDF6291882
?openGLModuleType@QOpenGLContext@@SA?AW4OpenGLModuleType@1@XZ.QT5GUI ref: 00007FFDF62918BC
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62918EA
?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF62918F3
?qt_window_private@@YAPEAVQWindowPrivate@@PEAVQWindow@@@Z.QT5GUI ref: 00007FFDF6291912
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6291970
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6291994
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62919A1
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62919B1
??6QDebug@@QEAAAEAV0@N@Z.QT5CORE ref: 00007FFDF62919BD
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62919C7
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6291A23
?hasAlpha@QSurfaceFormat@@QEBA_NXZ.QT5GUI ref: 00007FFDF6291A44
??1QSurfaceFormat@@QEAA@XZ.QT5GUI ref: 00007FFDF6291A68
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6291A71
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6291A7D
?mask@QWindow@@QEBA?AVQRegion@@XZ.QT5GUI ref: 00007FFDF6291A8A
?scaleAndOrigin@QHighDpiScaling@@SA?AUScaleAndOrigin@1@PEBVQWindow@@PEAVQPoint@@@Z.QT5GUI ref: 00007FFDF6291AA1
?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFDF6291ABD
SetWindowRgn.USER32 ref: 00007FFDF6291AE4
?begin@QRegion@@QEBAPEBVQRect@@XZ.QT5GUI ref: 00007FFDF6291AFB
?end@QRegion@@QEBAPEBVQRect@@XZ.QT5GUI ref: 00007FFDF6291B08
CreateRectRgn.GDI32 ref: 00007FFDF6291B31
CreateRectRgn.GDI32 ref: 00007FFDF6291B63
CreateRectRgn.GDI32 ref: 00007FFDF6291B7B
CombineRgn.GDI32 ref: 00007FFDF6291B93
DeleteObject.GDI32 ref: 00007FFDF6291BA0
DeleteObject.GDI32 ref: 00007FFDF6291BAC
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6291BC9
?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF6291BD2
OffsetRgn.GDI32 ref: 00007FFDF6291BFE
SetWindowRgn.USER32 ref: 00007FFDF6291C11
DeleteObject.GDI32 ref: 00007FFDF6291C1E
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF6291C28
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF6291C32
?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF6291C3B
?icon@QWindow@@QEBA?AVQIcon@@XZ.QT5GUI ref: 00007FFDF6291C50
DestroyIcon.USER32 ref: 00007FFDF6291C70
DestroyIcon.USER32 ref: 00007FFDF6291C89
GetSystemMetrics.USER32 ref: 00007FFDF6291C9B
GetSystemMetrics.USER32 ref: 00007FFDF6291CA8
GetSystemMetrics.USER32 ref: 00007FFDF6291CC7
GetSystemMetrics.USER32 ref: 00007FFDF6291CD4
SendMessageW.USER32 ref: 00007FFDF6291D06
SendMessageW.USER32 ref: 00007FFDF6291D15
SendMessageW.USER32 ref: 00007FFDF6291D30
??1QIcon@@QEAA@XZ.QT5GUI ref: 00007FFDF6291D3A
?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF6291D4E
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFDF6291D57
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6291D64

Strings

QWindowsWindow::setOpacity, xrefs: 00007FFDF62919AA

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window@@$PlatformRegion@@$?window@Message$Debug@@MetricsSystemWindow$CreateDeleteFormat@@Level@ObjectRectSendSurfaceVariant@@$Data@@DestroyHashIconIcon@@Logger@@ModuleOpenRect@@Type@Window@@@$?allocate?begin@?debug@?end@?has?icon@?mask@?open?property@?qt_window_private@@?rehash@?requested?scale?type@Alpha@Bool@Category@@CombineContext@@DebugEmpty@Enabled@Format@H00@HighLoggingNode@Object@@OffsetOrigin@Origin@1@Point@@@Private@@Qt@@ScaleScaling@@Type@1@malloc
String ID: QWindowsWindow::setOpacity
API String ID: 4068540682-54840919
Opcode ID: 81f333a01f4e35ee07e395bb86e53616022adff81194c8bb01ebf6e504be85b6
Instruction ID: 616c5d3a0e25e4d01458b20ab746c160189813871ba757d3cf159801addeeb6a
Opcode Fuzzy Hash: 81f333a01f4e35ee07e395bb86e53616022adff81194c8bb01ebf6e504be85b6
Instruction Fuzzy Hash: E2027222B04B4183EB559F72E464AA973A8FF95B84F448235DE6E53B99DF3CE049D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A42A0 Relevance: 75.5, APIs: 35, Strings: 8, Instructions: 275
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A4367
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A4390
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62A43B8
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A43C5
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A43EA
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62A43F6
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62A4401
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A440D
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A441D
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF62A442D
??6QDebug@@QEAAAEAV0@K@Z.QT5CORE ref: 00007FFDF62A4438
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A4448
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A4455
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE ref: 00007FFDF62A4465
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A4475
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A4481
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A4491
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A449C
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62A44A7
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A44B2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A44C2
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62A44D3
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A44DD
DefWindowProcW.USER32 ref: 00007FFDF62A44F2
GetWindowLongPtrW.USER32 ref: 00007FFDF62A452F
GetWindowPlacement.USER32 ref: 00007FFDF62A4551
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A45C7
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62A45EF
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A45FD
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A460D
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A461D
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62A4629
??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF62A4648
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A4652
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A465D

Part of subcall function 00007FFDF6298970: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62989A9
Part of subcall function 00007FFDF6298970: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62989D2
Part of subcall function 00007FFDF6298970: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62989E0
Part of subcall function 00007FFDF6298970: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62989F0
Part of subcall function 00007FFDF6298970: ?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6298A07
Part of subcall function 00007FFDF6298970: ??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6298A1D
Part of subcall function 00007FFDF6298970: ??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6298A32
Part of subcall function 00007FFDF6298970: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298A42
Part of subcall function 00007FFDF6298970: ??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6298A69
Part of subcall function 00007FFDF6298970: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298A77
Part of subcall function 00007FFDF6298970: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298A85
Part of subcall function 00007FFDF6298970: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298A90

Strings

WM_NCCALCSIZE for, xrefs: 00007FFDF62A4616
at , xrefs: 00007FFDF62A448A
msg=0x, xrefs: 00007FFDF62A4416
qWindowsWndProc, xrefs: 00007FFDF62A4606
et=0x, xrefs: 00007FFDF62A4441
wp=, xrefs: 00007FFDF62A446E
EVENT: hwd=, xrefs: 00007FFDF62A43CB
handled=, xrefs: 00007FFDF62A44BB

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Logger@@Message$??6@Category@@DebugEnabled@Logging$?debug@H00@Margins@@@Window$Stream@@TextV1@@Window@@$?window@LongPlacementPlatformProcV0@_Window@@@
String ID: at $ et=0x$ handled=$ msg=0x$ wp=$EVENT: hwd=$WM_NCCALCSIZE for$qWindowsWndProc
API String ID: 896697855-1425763513
Opcode ID: d023754dda9504ddcd42045a43c29bf6450e83424029cf40505417cf15b57675
Instruction ID: 45b4cd209c731e805f63c9d0446e40e9d23488b7209ce90d0a5b54dda6b80f45
Opcode Fuzzy Hash: d023754dda9504ddcd42045a43c29bf6450e83424029cf40505417cf15b57675
Instruction Fuzzy Hash: 34C19122B08B4283EB14AB65E8649B963A8FF84B94F098135DD5D47FADEF7CE444C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D03A580 Relevance: 68.4, APIs: 36, Strings: 3, Instructions: 173
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03B939
?locate@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@AEBV2@V?$QFlags@W4LocateOption@QStandardPaths@@@@@Z.QT5CORE ref: 00007FF60D03B952
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03B95D
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60D03B96F
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60D03B97C
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60D03B98A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60D03B995
??0QFile@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60D03B9AD
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE ref: 00007FF60D03B9BD
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ.QT5CORE ref: 00007FF60D03B9CB
??0QString@@QEAA@AEBVQByteArray@@@Z.QT5CORE ref: 00007FF60D03B9DA
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D03B9E5
??1QFile@@UEAA@XZ.QT5CORE ref: 00007FF60D03B9F0
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03BA01
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03BA0F
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03BA28
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03BA5F
?locate@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@AEBV2@V?$QFlags@W4LocateOption@QStandardPaths@@@@@Z.QT5CORE ref: 00007FF60D03BA78
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03BA83
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60D03BA95
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60D03BAA2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60D03BAB3
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60D03BAC0
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60D03BACB
??0QFile@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60D03BAE3
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE ref: 00007FF60D03BAF3
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ.QT5CORE ref: 00007FF60D03BB01
??0QString@@QEAA@AEBVQByteArray@@@Z.QT5CORE ref: 00007FF60D03BB10
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D03BB1B
??1QFile@@UEAA@XZ.QT5CORE ref: 00007FF60D03BB26
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03BB37
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03BB45
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FF60D03BB53
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03BB5D
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03BB8D

Part of subcall function 00007FF60D03B630: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B65C
Part of subcall function 00007FF60D03B630: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B669
Part of subcall function 00007FF60D03B630: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B67A
Part of subcall function 00007FF60D03B630: ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B686
Part of subcall function 00007FF60D03B630: ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B691
Part of subcall function 00007FF60D03B630: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B6B9
Part of subcall function 00007FF60D03B630: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008,?), ref: 00007FF60D03B6E4
Part of subcall function 00007FF60D03B630: ?split@QString@@QEBA?AVQStringList@@AEBV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FF60D03B704
Part of subcall function 00007FF60D03B630: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03B70F
Part of subcall function 00007FF60D03B630: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03B744
Part of subcall function 00007FF60D03B630: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03B75A
Part of subcall function 00007FF60D03B630: ?fromString@QDate@@SA?AV1@AEBVQString@@0@Z.QT5CORE ref: 00007FF60D03B770
Part of subcall function 00007FF60D03B630: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03B786
Part of subcall function 00007FF60D03B630: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03B7F4

??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03BBA8

Strings

trial fname, xrefs: 00007FF60D03BAA9
trial/key.crt, xrefs: 00007FF60D03BA58
pro/key.crt, xrefs: 00007FF60D03B932

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Debug@@$Byte$?fromArray@@$ArrayAscii_helper@Data@Typed$File@@Logger@@MessageStandard$String@@@$Flags@V0@@$?debug@$?locate@?open@?readAll@Array@@@Device@@Device@@@@@Flag@LocateLocation@1@ModeOpenOption@Paths@@Paths@@@@@$?split@Behavior@1@CaseDate@@List@@Qt@@@Sensitivity@SplitStringString@String@@0@V0@$$
String ID: pro/key.crt$trial fname$trial/key.crt
API String ID: 1298016467-1044991157
Opcode ID: ba78630fabff5619e3917c4de20d7081482441342b2ace8bc664fe7725655c30
Instruction ID: fa198768aee11da18afae5f3e06484f07d91639f423f6cf4548328a5c4a02478
Opcode Fuzzy Hash: ba78630fabff5619e3917c4de20d7081482441342b2ace8bc664fe7725655c30
Instruction Fuzzy Hash: 04812D32B08A42DAEB00DF64E8546EC3371FB95749FA05132CA4F96AA8EF7CD509C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFC1A40 Relevance: 54.5, APIs: 25, Strings: 6, Instructions: 202windowcommemoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF60CFC1A86
printf.MSPDB140-MSVCRT ref: 00007FF60CFC1AD6

Part of subcall function 00007FF60CFC1DB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF60CFC1DD8
Part of subcall function 00007FF60CFC1DB0: __stdio_common_vfwprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF60CFC1DF7

??0QApplication@@QEAA@AEAHPEAPEADH@Z.QT5WIDGETS ref: 00007FF60CFC1AF5
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFC1B08
?instance@QCoreApplication@@SAPEAV1@XZ.QT5CORE ref: 00007FF60CFC1B13
?setStyleSheet@QApplication@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60CFC1B21
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFC1B2D
?number@QByteArray@@SA?AV1@HH@Z.QT5CORE ref: 00007FF60CFC1B41
?qputenv@@YA_NPEBDAEBVQByteArray@@@Z.QT5CORE ref: 00007FF60CFC1B52
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFC1B5E
CoCreateInstance.OLE32 ref: 00007FF60CFC1B94
SysAllocString.OLEAUT32 ref: 00007FF60CFC1BD4
SysFreeString.OLEAUT32 ref: 00007FF60CFC1BF4
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFC1D02
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFC1D10
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFC1D27
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FF60CFC1D33
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFC1D3F
av_log_set_level.AVUTIL-56 ref: 00007FF60CFC1D4A
?show@QWidget@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFC1D5F
?exec@QApplication@@SAHXZ.QT5WIDGETS ref: 00007FF60CFC1D65
#9.CRASHRPT1403 ref: 00007FF60CFC1D6D

Strings

ver 2.4.3 (build 134), xrefs: 00007FF60CFC1A9A
MFORMAT INIT:, xrefs: 00007FF60CFC1D1D
MainWindow { background-color: #050F15; }QWidget{color: black;}QDialog {background-color: #050F15; border:4px solid lightgray;}QDialog#TUrlChoiseDlg > QPushButton {color:white;font-size:25px;background-color:#0E2B47;}QStatusBar {background-color:transparent; c, xrefs: 00007FF60CFC1B01
QT_BEARER_POLL_TIMEOUT, xrefs: 00007FF60CFC1B4B
%s, xrefs: 00007FF60CFC1ACF
SRTMiniServer, xrefs: 00007FF60CFC1A8F

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Application@@Debug@@$Byte$Array@@Logger@@MessageStringString@@$?debug@?exec@?from?instance@?number@?qputenv@@?set?show@AllocArrayArray@@@Ascii_helper@CoreCreateData@FreeInstanceSheet@String@@@StyleTypedV0@_Widget@@__acrt_iob_func__stdio_common_vfwprintfav_log_set_levelmemsetprintf
String ID: %s$MFORMAT INIT:$MainWindow { background-color: #050F15; }QWidget{color: black;}QDialog {background-color: #050F15; border:4px solid lightgray;}QDialog#TUrlChoiseDlg > QPushButton {color:white;font-size:25px;background-color:#0E2B47;}QStatusBar {background-color:transparent; c$QT_BEARER_POLL_TIMEOUT$SRTMiniServer$ver 2.4.3 (build 134)
API String ID: 366498195-1543199677
Opcode ID: 1b5c110c632d938aebfde15e49f5e3e2893661a19dd2817ca364be622e3fc186
Instruction ID: a331ef8af64f106ba6a262bcde05783db3c2e264768b21bbf27e0b80e3e9d01a
Opcode Fuzzy Hash: 1b5c110c632d938aebfde15e49f5e3e2893661a19dd2817ca364be622e3fc186
Instruction Fuzzy Hash: 79916F32B28A42D6EB10DF25E8945A97361FF84784F645232EA4F877A5EF7CD508CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A5870 Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 207COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF62A589E
GetMonitorInfoW.USER32 ref: 00007FFDF62A58B1
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62A592F
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62A593C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A5947
??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A5978
CreateDCW.GDI32 ref: 00007FFDF62A5997
GetDeviceCaps.GDI32 ref: 00007FFDF62A5A66
GetDeviceCaps.GDI32 ref: 00007FFDF62A5A86
GetDeviceCaps.GDI32 ref: 00007FFDF62A5A9C
GetDeviceCaps.GDI32 ref: 00007FFDF62A5ABC
DeleteDC.GDI32 ref: 00007FFDF62A5ADF

Strings

monitorData, xrefs: 00007FFDF62A5B2A
%s: Unable to obtain handle for monitor '%s', defaulting to %g DPI., xrefs: 00007FFDF62A5B3D
WinDisc, xrefs: 00007FFDF62A594D

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: CapsDevice$String@@$?fromArray@CharCreateDeleteInfoLatin1MonitorString@@@Url@@V0@$$V0@@memset
String ID: %s: Unable to obtain handle for monitor '%s', defaulting to %g DPI.$WinDisc$monitorData
API String ID: 397620118-524077370
Opcode ID: 7e44acf968412ca75c51a4ec35e63b874baaf26f506d7e51b00dd75cfb328c8f
Instruction ID: 46235227857f6d78290c10c4f7ebce086cd81ffca4befc1380df29ee8cfe329c
Opcode Fuzzy Hash: 7e44acf968412ca75c51a4ec35e63b874baaf26f506d7e51b00dd75cfb328c8f
Instruction Fuzzy Hash: 61A19033B28A419BE710DF74D450AAE73A5FB89744F049235EA1E67E98EF38E095C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6302230 Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

SelectObject.GDI32 ref: 00007FFDF630225D
GetFontData.GDI32 ref: 00007FFDF6302279
SelectObject.GDI32 ref: 00007FFDF63022B7
GetFontData.GDI32 ref: 00007FFDF63022D3
SelectObject.GDI32 ref: 00007FFDF630230F
?getSfntTable@QFontEngine@@QEBA?AVQByteArray@@I@Z.QT5GUI ref: 00007FFDF6302337
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF6302347
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6302352
?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF630235F
??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF630236E
?getCMap@QFontEngine@@SAPEBEPEBEIPEA_NPEAH@Z.QT5GUI ref: 00007FFDF6302385
GetOutlineTextMetricsW.GDI32 ref: 00007FFDF63023E0
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF63023EA
GetOutlineTextMetricsW.GDI32 ref: 00007FFDF63023FB
?loadKerningPairs@QFontEngine@@QEAAXUQFixed@@@Z.QT5GUI ref: 00007FFDF6302482
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF630249B
?encodeName@QFile@@SA?AVQByteArray@@AEBVQString@@@Z.QT5CORE ref: 00007FFDF63024AB
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF63024BB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF63024C6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF63024D1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF63024F1

Strings

CFF , xrefs: 00007FFDF63022CB
cmap, xrefs: 00007FFDF6302271
pamc, xrefs: 00007FFDF6302324

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteFont$Engine@@ObjectSelectString@@$?getDataMetricsOutlineTextUrl@@V0@$$V0@@$?encode?from?length@?loadArray@CharFile@@Fixed@@@KerningMap@Name@Pairs@SfntString@@@Table@freemalloc
String ID: CFF $cmap$pamc
API String ID: 61011042-4095685674
Opcode ID: 3e2c11ca7ec68a11a0123252ce4ad2f5d3b197de2130e3c1e28521f9ef807c29
Instruction ID: 72ade847ebf5817300a34763c90bfff24610506bf840a59591c4940b48d57c3d
Opcode Fuzzy Hash: 3e2c11ca7ec68a11a0123252ce4ad2f5d3b197de2130e3c1e28521f9ef807c29
Instruction Fuzzy Hash: 29819E727046828BEB609F75E8607E937A4FB49798F088135DA2A47F98DF38D549C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62D34F0 Relevance: 37.7, APIs: 25, Instructions: 201COMMON

Download Yara Rule

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3531
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62D353C
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3547

Part of subcall function 00007FFDF62D29F0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62D2A35
Part of subcall function 00007FFDF62D29F0: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62D2A44
Part of subcall function 00007FFDF62D29F0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62D2A5A
Part of subcall function 00007FFDF62D29F0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62D2A6C
Part of subcall function 00007FFDF62D29F0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE ref: 00007FFDF62D2A77
Part of subcall function 00007FFDF62D29F0: GetProcAddress.KERNEL32 ref: 00007FFDF62D2A93

??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D3597
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D35A6
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D35B5
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D3640
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D364F
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D365E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3668
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3672
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62D367C
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D37C6
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D37D5
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62D37E4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62D37FF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62D380A
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3815
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62D3820

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteV0@@$A@$$String@@$??0?$F@@@@PointVector@$Url@@V0@$$$?load@?utf16@AddressE__@@Library@@ProcSystem
String ID:
API String ID: 1125703135-0
Opcode ID: b5eef81233551aea58a322298a061804c84d4b1586667fd165478ad58a08ca5b
Instruction ID: 2d642d1c38190002c503b5d60ae17d94d1ec4fc4ab333328d8504d32b72173ca
Opcode Fuzzy Hash: b5eef81233551aea58a322298a061804c84d4b1586667fd165478ad58a08ca5b
Instruction Fuzzy Hash: B9A14372709A4297EB60DF64E490AADB7B4FB84744F444031D69E87E98DF3CE549CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62E1200 Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 82windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF629FCE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF629FD0D
Part of subcall function 00007FFDF629FCE0: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62D7447), ref: 00007FFDF629FD3B
Part of subcall function 00007FFDF629FCE0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62D7447), ref: 00007FFDF629FD4C
Part of subcall function 00007FFDF629FCE0: CreateWindowExW.USER32 ref: 00007FFDF629FD9A
Part of subcall function 00007FFDF629FCE0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629FDAB

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62E1254
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62E1289
SetClipboardViewer.USER32 ref: 00007FFDF62E1299
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62E12AB
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62E12D4
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62E12E2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E12F2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E1302
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62E130F
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E131F
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62E132C
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E133C
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62E1349
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62E1354

Strings

next:, xrefs: 00007FFDF62E1335
QWindowsClipboard::registerViewer, xrefs: 00007FFDF62E12EB
AddClipboardFormatListener() failed., xrefs: 00007FFDF62E1282
Qt5ClipboardView, xrefs: 00007FFDF62E123F
m_clipboardViewer:, xrefs: 00007FFDF62E12FB
format listener:, xrefs: 00007FFDF62E1318

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$Logger@@Message$?debug@?utf16@Array@@ByteCategory@@ClipboardCreateDebugEnabled@ErrnoH00@HandleLoggingModuleV0@@V0@_ViewerWarning@@Window
String ID: AddClipboardFormatListener() failed.$QWindowsClipboard::registerViewer$Qt5ClipboardView$format listener:$m_clipboardViewer:$next:
API String ID: 1810827003-2802464883
Opcode ID: d4e667823de9cd76428318bd894f7bc6723a2048596805bc849acf351ec3777a
Instruction ID: 033c8a62d49e189a385b60afde18bc2cb24bc1d3d2e443eeef79f9939266567f
Opcode Fuzzy Hash: d4e667823de9cd76428318bd894f7bc6723a2048596805bc849acf351ec3777a
Instruction Fuzzy Hash: 56414226B08B4293EB00EB61F8649A933A5FF95B90F484135D96D83EA9EF3CE554C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F00A0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66F00C4
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66F00D6
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F010E
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66F011B

Part of subcall function 00007FFDF66EFB60: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFDF66EFB98
Part of subcall function 00007FFDF66EFB60: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF66EFBC9

?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFDF66F01C3
?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFDF66F0213
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F0238
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F024F
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F0266
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F027C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F0292
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F02A8
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F02BE
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F02D4
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F02ED
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66F0306
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDVQGenericArgument@@222222222@Z.QT5CORE ref: 00007FFDF66F036F
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66F03B4

Strings

requestUpdate, xrefs: 00007FFDF66F0317

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Generic$Argument@@Return$Data@@$Hash$List$Object@@$?allocate?begin@?detach_helper@?end@?free_helper@?invoke?lock@?unlock@?willArgument@@222222222@Empty@Grow@Locker@@MetaMethod@MutexMutex@@Node@Node@1@Node@1@@
String ID: requestUpdate
API String ID: 823351508-1218863351
Opcode ID: 7dfa295c943cfd66bf4f77ce242626c179ff09aaf2f6eb05172888d827db6574
Instruction ID: ce5bece1fafde38e8931eb5e17283ea7b4b9b998cfc074f8c482a6bf09f4459e
Opcode Fuzzy Hash: 7dfa295c943cfd66bf4f77ce242626c179ff09aaf2f6eb05172888d827db6574
Instruction Fuzzy Hash: C6A19C32B08A95C5E711DF29D864AE973A5FF88B48F858122DA5E13F68EF38D585C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6296480 Relevance: 27.1, APIs: 18, Instructions: 136windowCOMMON

Download Yara Rule

APIs

?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62964AE
?isVisible@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF62964B7
GetWindowLongW.USER32 ref: 00007FFDF62964C9
GetUpdateRect.USER32 ref: 00007FFDF62964E7
?openGLModuleType@QOpenGLContext@@SA?AW4OpenGLModuleType@1@XZ.QT5GUI ref: 00007FFDF629650D
DwmIsCompositionEnabled.DWMAPI ref: 00007FFDF629651E
InvalidateRect.USER32 ref: 00007FFDF6296536
BeginPaint.USER32 ref: 00007FFDF6296543
DwmIsCompositionEnabled.DWMAPI ref: 00007FFDF6296550
SelectClipRgn.GDI32 ref: 00007FFDF629657A
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF62965A8
??0QRegion@@QEAA@AEBVQRect@@W4RegionType@0@@Z.QT5GUI ref: 00007FFDF62965B9
?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFDF62965C5
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62965D5
??$handleExposeEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SAXPEAVQWindow@@AEBVQRegion@@@Z.QT5GUI ref: 00007FFDF62965E1
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF62965EA
?flushWindowSystemEvents@QWindowSystemInterface@@SA_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z.QT5GUI ref: 00007FFDF6296635
EndPaint.USER32 ref: 00007FFDF6296642

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window@@$Window$System$Region@@$?window@CompositionEnabledInterface@@ModuleOpenPaintPlatformRectRect@@$??$handle?flush?openBeginClipContext@@DefaultDelivery@Empty@EventEvent@EventsEvents@ExposeFlag@Flags@Interface@@@InvalidateLongLoop@@@@@Point@@ProcessRegionRegion@@@SelectSize@@@Type@Type@0@@Type@1@UpdateVisible@
String ID:
API String ID: 2946135873-0
Opcode ID: 41dec08c3f831ded019d59447002dd1a65b5fba96cf1ca645f40dae1b9e7df21
Instruction ID: d46a6cf2d15b770a19ed0290194639fa6fa1ff917927e64958d47c5bab4aa0f6
Opcode Fuzzy Hash: 41dec08c3f831ded019d59447002dd1a65b5fba96cf1ca645f40dae1b9e7df21
Instruction Fuzzy Hash: 28514A32B086128BFB14DFB5D464AAC33E5BB85748F444135CA1E87E9DDE2CE40ADB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629E400 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 133windowcomCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF62A6DA0: ??0QLocale@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF629E446), ref: 00007FFDF62A6DB9
Part of subcall function 00007FFDF62A6DA0: memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFDF629E446), ref: 00007FFDF62A6DDC
Part of subcall function 00007FFDF62A6DA0: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF629E446), ref: 00007FFDF62A6E4A
Part of subcall function 00007FFDF62A6DA0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF629E446), ref: 00007FFDF62A6E55

OleInitializeWOW.OLE32 ref: 00007FFDF629E4DB

Part of subcall function 00007FFDF62A06B0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A06DB
Part of subcall function 00007FFDF62A06B0: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A06E8
Part of subcall function 00007FFDF62A06B0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A06FB
Part of subcall function 00007FFDF62A06B0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A070D
Part of subcall function 00007FFDF62A06B0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A0718
Part of subcall function 00007FFDF62A06B0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A075E
Part of subcall function 00007FFDF62A06B0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A0769
Part of subcall function 00007FFDF62A06B0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A07A9
Part of subcall function 00007FFDF62A06B0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A07B4
Part of subcall function 00007FFDF62A06B0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A07F4
Part of subcall function 00007FFDF62A06B0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A07FF
Part of subcall function 00007FFDF62A06B0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A083F
Part of subcall function 00007FFDF62A06B0: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFDF629E501), ref: 00007FFDF62A084A

Part of subcall function 00007FFDF62A0530: ?current@QOperatingSystemVersion@@SA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0550
Part of subcall function 00007FFDF62A0530: ?compare@QOperatingSystemVersion@@CAHAEBV1@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0564
Part of subcall function 00007FFDF62A0530: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A058B
Part of subcall function 00007FFDF62A0530: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0598
Part of subcall function 00007FFDF62A0530: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A05AB
Part of subcall function 00007FFDF62A0530: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A05BD
Part of subcall function 00007FFDF62A0530: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A05C8
Part of subcall function 00007FFDF62A0530: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A060D
Part of subcall function 00007FFDF62A0530: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0618
Part of subcall function 00007FFDF62A0530: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0658
Part of subcall function 00007FFDF62A0530: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0663
Part of subcall function 00007FFDF62A0530: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0680
Part of subcall function 00007FFDF62A0530: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629E50D), ref: 00007FFDF62A0691

GetDC.USER32 ref: 00007FFDF629E52C
GetDeviceCaps.GDI32 ref: 00007FFDF629E53E
GetKeyboardLayoutList.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E54B
GetKeyboardLayoutList.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E581
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E605
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E613
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E623
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E62F
??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E63A
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E645

Strings

QWindowsContext: OleInitialize() failed: , xrefs: 00007FFDF629E61C

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$System$?load@?utf16@E__@@Library@@$Debug@@$Object@@$??0?$ByteConnection@F@@@@KeyboardLayoutListLogger@@MessageMetaOperatingPointV0@@Vector@Version@@$?compare@?connect?current@?warning@AddressArray@@Array@@@Base@CapsConnectionDeviceImpl@InitializeLocale@@ObjectPrivate@@ProcQt@@SlotType@U3@@V1@0@memset
String ID: QWindowsContext: OleInitialize() failed:
API String ID: 3249308831-1565728777
Opcode ID: f42ace6f45ca6e41dbb5da9e2a0d804069763704a6c27af5cedb84b4f8b1d6e1
Instruction ID: a9a2c52bdbd6454a4f9c45d18f193db65aa3031c0a885bb2434444abf3dfaad5
Opcode Fuzzy Hash: f42ace6f45ca6e41dbb5da9e2a0d804069763704a6c27af5cedb84b4f8b1d6e1
Instruction Fuzzy Hash: A4514D32708A4286EB249B25F8645AEB3E8FF94794F544135D7AE82BE9DF3CE045D700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62967E0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 149windowCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF6296848
SetWindowPos.USER32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF6296870
SetWindowPos.USER32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF6296893
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF62968AE
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF62968BE
GetSystemMenu.USER32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF62968D1
EnableMenuItem.USER32 ref: 00007FFDF62968F2
SetWindowPos.USER32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62934DB), ref: 00007FFDF6296937
?hasAlpha@QSurfaceFormat@@QEBA_NXZ.QT5GUI ref: 00007FFDF629BF4D
??1QSurfaceFormat@@QEAA@XZ.QT5GUI ref: 00007FFDF629BF5B

Strings

QWidget: Incompatible window flags: the window can't be on top and on bottom at the same time, xrefs: 00007FFDF62968B7

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window$Format@@Logger@@MenuMessageSurface$?has?warning@Alpha@EnableItemSystem
String ID: QWidget: Incompatible window flags: the window can't be on top and on bottom at the same time
API String ID: 3764170481-2631108776
Opcode ID: 87dc2f9602d6f97a40d0db4e69a47f9b538e3fa025e5afe5e2bdbdf1d81dc0ee
Instruction ID: e4cc92a82231b7d08bea0015aa2049df94e3c8f00a39168ca4d195a133b908fa
Opcode Fuzzy Hash: 87dc2f9602d6f97a40d0db4e69a47f9b538e3fa025e5afe5e2bdbdf1d81dc0ee
Instruction Fuzzy Hash: 55519032B1865183F724CF35A464A6A76A5FB85BD8F048231EA6983EDDDF3CD145AB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F5A10 Relevance: 177.2, APIs: 88, Strings: 13, Instructions: 460
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5A4F
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFDF62F5A64
?at@QString@@QEBA?BVQChar@@H@Z.QT5CORE ref: 00007FFDF62F5A78
?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF62F5AAF
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5AD9
?weightFromInteger@QPlatformFontDatabase@@SA?AW4Weight@QFont@@H@Z.QT5GUI(?), ref: 00007FFDF62F5B28
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5B3C
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5B54
??0QTextStream@@QEAA@PEAVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE ref: 00007FFDF62F5B65
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5B7F
??6QTextStream@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F5B8A
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F5B96
??6QTextStream@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F5BA1
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5BAC
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5BBC
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5BC7
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5BE3
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5BF9
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C0F
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C25
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5C30
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C40
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5C4E
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C5E
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5C6A
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C7A
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5C89
??6QTextStream@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F5C99
??6QTextStream@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF62F5CA7
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5CB5
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62F5CD9
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F5CE6
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F5CF3
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5CFD
??1QTextStream@@UEAA@XZ.QT5CORE ref: 00007FFDF62F5D07
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5D11
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5D1B
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5D25
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5D2F
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5D39
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5D65
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5D77
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5D81
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5D92
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5D9F
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5DAC
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5DB9
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62F5DC6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5DD0
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5DDA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5DE4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5DEE
??0QSupportedWritingSystems@@QEAA@XZ.QT5GUI ref: 00007FFDF62F5DF9
?writingSystemsFromTrueTypeBits@QPlatformFontDatabase@@SA?AVQSupportedWritingSystems@@QEAI0@Z.QT5GUI ref: 00007FFDF62F5E31
??4QSupportedWritingSystems@@QEAAAEAV0@AEBV0@@Z.QT5GUI ref: 00007FFDF62F5E3F
??1QSupportedWritingSystems@@QEAA@XZ.QT5GUI ref: 00007FFDF62F5E4A
?supported@QSupportedWritingSystems@@QEBA_NW4WritingSystem@QFontDatabase@@@Z.QT5GUI ref: 00007FFDF62F5E5E
??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF62F5E8E
?setSupported@QSupportedWritingSystems@@QEAAXW4WritingSystem@QFontDatabase@@_N@Z.QT5GUI ref: 00007FFDF62F5F30
?registerFont@QPlatformFontDatabase@@SAXAEBVQString@@00W4Weight@QFont@@W4Style@4@W4Stretch@4@_N4H4AEBVQSupportedWritingSystems@@PEAX@Z.QT5GUI ref: 00007FFDF62F5F85
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5F93
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5FAE
?registerFont@QPlatformFontDatabase@@SAXAEBVQString@@00W4Weight@QFont@@W4Style@4@W4Stretch@4@_N4H4AEBVQSupportedWritingSystems@@PEAX@Z.QT5GUI ref: 00007FFDF62F5FF3
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F5FFE
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F6014
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F602F

Part of subcall function 00007FFDF62FADE0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FADFF
Part of subcall function 00007FFDF62FADE0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE09
Part of subcall function 00007FFDF62FADE0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE13
Part of subcall function 00007FFDF62FADE0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE1D
Part of subcall function 00007FFDF62FADE0: GetDC.USER32 ref: 00007FFDF62FAE25
Part of subcall function 00007FFDF62FADE0: CreateFontIndirectW.GDI32 ref: 00007FFDF62FAE31
Part of subcall function 00007FFDF62FADE0: ReleaseDC.USER32 ref: 00007FFDF62FAE44
Part of subcall function 00007FFDF62FADE0: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE51
Part of subcall function 00007FFDF62FADE0: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE5F
Part of subcall function 00007FFDF62FADE0: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE6D
Part of subcall function 00007FFDF62FADE0: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE7B
Part of subcall function 00007FFDF62FADE0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE85
Part of subcall function 00007FFDF62FADE0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE8F
Part of subcall function 00007FFDF62FADE0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE99
Part of subcall function 00007FFDF62FADE0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAEA3

Part of subcall function 00007FFDF62FB2F0: ??BQByteArray@@QEBAPEBDXZ.QT5CORE(?,?,0000FFFF,00007FFDF62F5D5D), ref: 00007FFDF62FB307
Part of subcall function 00007FFDF62FB2F0: ?length@QString@@QEBAHXZ.QT5CORE(?,?,0000FFFF,00007FFDF62F5D5D), ref: 00007FFDF62FB315
Part of subcall function 00007FFDF62FB2F0: ?unicode@QChar@@QEBAGXZ.QT5CORE(?,?,0000FFFF,00007FFDF62F5D5D), ref: 00007FFDF62FB337
Part of subcall function 00007FFDF62FB2F0: ?length@QString@@QEBAHXZ.QT5CORE(?,?,0000FFFF,00007FFDF62F5D5D), ref: 00007FFDF62FB347

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6210
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6219

Strings

stretch=, xrefs: 00007FFDF62F5C92
scalable=, xrefs: 00007FFDF62F5C1A
DEVICE, xrefs: 00007FFDF62F5BD8
WST_, xrefs: 00007FFDF62F5A8E
Weight=, xrefs: 00007FFDF62F5C73
d, xrefs: 00007FFDF62F616B
TTF=, xrefs: 00007FFDF62F5BB5
TRUETYPE, xrefs: 00007FFDF62F5C04
Style=, xrefs: 00007FFDF62F5C57
RASTER, xrefs: 00007FFDF62F5BEE
Size=, xrefs: 00007FFDF62F5C39
addFontToDatabase, xrefs: 00007FFDF62F5B70
Segoe UI, xrefs: 00007FFDF62F5E73

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Stream@@Text$??0?$F@@@@PointVector@$V0@@$Writing$SupportedSystems@@$Font$Array@@ByteEmpty@$A@$$Database@@Platform$Char@@Debug@@Font@@Latin1String@@@Weight@$?length@?registerCategory@@DebugEnabled@Font@FromLogger@@LoggingMessageStretch@4@_String@@00Style@4@System@$?at@?debug@?set?starts?supported@?unicode@?weight?writingBits@CaseChar@@@CreateDatabase@@@Database@@_Device@@@@@Flag@Flags@H00@IndirectInteger@ModeOpenQt@@@ReleaseSensitivity@Supported@SystemsTrueTypeWith@
String ID: DEVICE$ RASTER$ Size=$ Style=$ TRUETYPE$ TTF=$ Weight=$ scalable=$ stretch=$Segoe UI$WST_$addFontToDatabase$d
API String ID: 2062803053-3181495196
Opcode ID: 60df43b82587438844761b465bcd141362fe0031bfbf7d25d7bf616afbeec32b
Instruction ID: 11723e6d9e53fd33253c70db3d14cab33887c61070d9c72eb39713a74bf72f42
Opcode Fuzzy Hash: 60df43b82587438844761b465bcd141362fe0031bfbf7d25d7bf616afbeec32b
Instruction Fuzzy Hash: 99325C22B08A4296FB009FB0E8649AD77B9FB94B58F494031DA5E53EADDF3CD549C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6293500 Relevance: 121.2, APIs: 59, Strings: 10, Instructions: 420
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FFDF6293564

Part of subcall function 00007FFDF62A19A0: ?flags@QWindow@@QEBA?AV?$QFlags@W4WindowType@Qt@@@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF6293585), ref: 00007FFDF62A19CE
Part of subcall function 00007FFDF62A19A0: ?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF62A1A1F
Part of subcall function 00007FFDF62A19A0: ?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A1A28
Part of subcall function 00007FFDF62A19A0: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1A44
Part of subcall function 00007FFDF62A19A0: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1A86
Part of subcall function 00007FFDF62A19A0: ?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1AAF
Part of subcall function 00007FFDF62A19A0: ?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B07
Part of subcall function 00007FFDF62A19A0: ?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B36

?initialGeometry@QPlatformWindow@@SA?AVQRect@@PEBVQWindow@@AEBV2@HH@Z.QT5GUI ref: 00007FFDF62935A1
?qAppName@@YA?AVQString@@XZ.QT5CORE ref: 00007FFDF62935CC
?objectName@QObject@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF62935E0
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62935EC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62935FB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629360A
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF6293613
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF6293624
?qt_window_private@@YAPEAVQWindowPrivate@@PEAVQWindow@@@Z.QT5GUI(?), ref: 00007FFDF6293735
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?), ref: 00007FFDF6293797
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62937C7
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62937D4
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62937EB
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6293806
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293816
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF6293826
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293836
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF6293842
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF629384D
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293877
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6293896
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62938A6
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62938B2
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62938BD
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62938C9
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62938D4
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62938E0
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62938EB
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62938F7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293907
??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6293923
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293933
??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6293952
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629395C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293966
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293970
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629397A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293984
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629398E
CreateWindowExW.USER32 ref: 00007FFDF62939FF
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6293A14
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6293A44
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF6293A51
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293A68
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6293A83
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF6293A8E
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF6293A9A
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6293AAA
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6293AC6
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF6293AD1
??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6293AED
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293AF7
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293B01
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293B0B
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6293B15
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF6293B2E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6293BC4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6293BCD

Strings

obtained geometry: , xrefs: 00007FFDF6293AA3
title=, xrefs: 00007FFDF629382F
custom margins: , xrefs: 00007FFDF6293900
requested: , xrefs: 00007FFDF6293870
invisible margins: , xrefs: 00007FFDF629392C
WindowCreationData::create, xrefs: 00007FFDF6293B20
CreateWindowEx: returns , xrefs: 00007FFDF6293A57
class=, xrefs: 00007FFDF629380F
%s: CreateWindowEx failed, xrefs: 00007FFDF6293B27
CreateWindowEx: , xrefs: 00007FFDF62937DA

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$??6@$String@@@$Logger@@Message$?append@Latin1Margins@@@Variant@@WindowWindow@@Window@@@$?debug@?utf16@Category@@DebugEnabled@H00@LoggingObject@@Rect@@@$??0?$?flags@?initial?object?property@?qt_window_private@@Bool@CreateErrnoF@@@@Flags@Geometry@HandleModuleName@Name@@PlatformPointPrivate@@Qt@@@@Rect@@Type@Url@@V0@$$V0@@Vector@Warning@@
String ID: requested: $ class=$ custom margins: $ invisible margins: $ obtained geometry: $ title=$%s: CreateWindowEx failed$CreateWindowEx: $CreateWindowEx: returns $WindowCreationData::create
API String ID: 673872497-1297568575
Opcode ID: f985ad0a96db52d648e870a48dffa9de7342739bc6dc8f106543a8914ab6fe6e
Instruction ID: 4ef2dbf7b3db07094eabb67e1a7d64d9eda4c89aa8c2d816323c2c9e82282e5e
Opcode Fuzzy Hash: f985ad0a96db52d648e870a48dffa9de7342739bc6dc8f106543a8914ab6fe6e
Instruction Fuzzy Hash: A4226D36B04B8286EB10DF75E8646E833B4FB88B88F458035DA5D47BA9EF38D549C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FFF10 Relevance: 86.1, APIs: 46, Strings: 3, Instructions: 368
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0QFontEngine@@IEAA@W4Type@0@@Z.QT5GUI ref: 00007FFDF62FFF3D
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FFF8B
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62FFF98
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF6300008
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF630003E
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF630004B
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6300091
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF63000B5
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF63000C2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF63000D2
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF63000DE
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF63000EA
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF63000F4
CreateFontIndirectW.GDI32 ref: 00007FFDF6300101
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF630011A
??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF6300123
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF630013A
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6300144
SelectObject.GDI32 ref: 00007FFDF630016E
GetTextMetricsW.GDI32 ref: 00007FFDF6300181
?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF6300199

Part of subcall function 00007FFDF6302230: SelectObject.GDI32 ref: 00007FFDF630225D
Part of subcall function 00007FFDF6302230: GetFontData.GDI32 ref: 00007FFDF6302279
Part of subcall function 00007FFDF6302230: SelectObject.GDI32 ref: 00007FFDF63022B7
Part of subcall function 00007FFDF6302230: GetFontData.GDI32 ref: 00007FFDF63022D3
Part of subcall function 00007FFDF6302230: SelectObject.GDI32 ref: 00007FFDF630230F
Part of subcall function 00007FFDF6302230: ?getSfntTable@QFontEngine@@QEBA?AVQByteArray@@I@Z.QT5GUI ref: 00007FFDF6302337
Part of subcall function 00007FFDF6302230: ??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF6302347
Part of subcall function 00007FFDF6302230: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6302352
Part of subcall function 00007FFDF6302230: ?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF630235F
Part of subcall function 00007FFDF6302230: ??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF630236E
Part of subcall function 00007FFDF6302230: ?getCMap@QFontEngine@@SAPEBEPEBEIPEA_NPEAH@Z.QT5GUI ref: 00007FFDF6302385
Part of subcall function 00007FFDF6302230: GetOutlineTextMetricsW.GDI32 ref: 00007FFDF63023E0
Part of subcall function 00007FFDF6302230: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF63023EA
Part of subcall function 00007FFDF6302230: GetOutlineTextMetricsW.GDI32 ref: 00007FFDF63023FB

??0QVariant@@QEAA@HPEBXI@Z.QT5CORE ref: 00007FFDF6300239
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6300264
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF630026E
??0QVariant@@QEAA@HPEBXI@Z.QT5CORE ref: 00007FFDF630028C
??0QString@@QEAA@UQStringDataPtr@@@Z.QT5CORE ref: 00007FFDF63002C8
?createData@QMapDataBase@@SAPEAU1@XZ.QT5CORE ref: 00007FFDF63002D9
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFDF6300302
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ.QT5CORE ref: 00007FFDF6300337
??M@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF630035F
??M@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF630038E
??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF63003A0

Part of subcall function 00007FFDF6303B50: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF6300214), ref: 00007FFDF6303B8A
Part of subcall function 00007FFDF6303B50: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF6300214), ref: 00007FFDF6303B98
Part of subcall function 00007FFDF6303B50: ?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF6300214), ref: 00007FFDF6303BAE
Part of subcall function 00007FFDF6303B50: ?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF6300214), ref: 00007FFDF6303BB9
Part of subcall function 00007FFDF6303B50: GetProcAddress.KERNEL32 ref: 00007FFDF6303BD8
Part of subcall function 00007FFDF6303B50: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6303BE6
Part of subcall function 00007FFDF6303B50: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6303BF8

?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFDF63003BD
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF63003CE
??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF63003DC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF63003E6
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF63003F0
??0QString@@QEAA@UQStringDataPtr@@@Z.QT5CORE ref: 00007FFDF6300419
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FFDF630042D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF630044B
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6300455
??0QVariant@@QEAA@AEBV?$QMap@VQString@@VQVariant@@@@@Z.QT5CORE ref: 00007FFDF6300463
??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6300474
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF630047E
_Init_thread_footer.LIBCMT ref: 00007FFDF63005AE

Part of subcall function 00007FFDF63814AC: EnterCriticalSection.KERNEL32(?,?,00000000,00007FFDF62A16D2,?,?,00000000,00007FFDF62914BE), ref: 00007FFDF63814BC

_Init_thread_footer.LIBCMT ref: 00007FFDF6300548

Strings

QWindowsFontEngine::QWindowsFontEngine, xrefs: 00007FFDF63000CB, 00007FFDF630012C, 00007FFDF630018B
%s: CreateFontIndirect failed for family '%s', xrefs: 00007FFDF6300133
%s: GetTextMetrics failed, xrefs: 00007FFDF6300192

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Variant@@$Array@@Byte$DataV0@@$Font$??0?$Base@@Debug@@F@@@@PointVector@$ObjectSelect$Engine@@MetricsText$?create?getErrnoInit_thread_footerLogger@@Map@MessageNodeNode@OutlinePtr@@@StringString@@0@Warning@@$?debug@?length@?load@?recalc?set?utf16@AddressBit@Category@@CreateCriticalData@DebugE__@@Enabled@EnterH00@IndirectLeftLibrary@@Local8LoggingMostParent@ProcSectionSfntString@@@SystemTable@Type@0@@U1@@U2@_Url@@V0@$$Variant@@@@@malloc
String ID: %s: CreateFontIndirect failed for family '%s'$%s: GetTextMetrics failed$QWindowsFontEngine::QWindowsFontEngine
API String ID: 2259239318-1363371599
Opcode ID: aed85cfb9d537dc5a0b47a6f7c01f32685aa30524a4c696e30363132bf5a728f
Instruction ID: a34d73fe346256b1dfd3ccaea59d34f318333bc3207c773b08e23b238da0e195
Opcode Fuzzy Hash: aed85cfb9d537dc5a0b47a6f7c01f32685aa30524a4c696e30363132bf5a728f
Instruction Fuzzy Hash: A9125032B04A4297EB05EF74E960AE833A8FB55758F584131DA6E43AE9DF3CE559C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6298C40 Relevance: 86.1, APIs: 43, Strings: 6, Instructions: 302
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0QRect@@QEAA@AEBVQPoint@@0@Z.QT5CORE ref: 00007FFDF6298CB0
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6298CBE
?marginsRemoved@QRect@@QEBA?AV1@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6298CF5

Part of subcall function 00007FFDF62A1690: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF62914BE), ref: 00007FFDF62A16EC
Part of subcall function 00007FFDF62A1690: _Init_thread_footer.LIBCMT ref: 00007FFDF62A1705

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6298D15
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF6298D23
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF6298D2E
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298D3E
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6298D52
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6298D65
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298D75
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6298D94
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298DA4
??6@YA?AVQDebug@@V0@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6298DC1
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298DD1
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6298DED
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6298DFD
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6298E1A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E24
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E2F
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E3A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E45
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E50
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6298E5B

Part of subcall function 00007FFDF62A6450: ?contains@QRect@@QEBA_NAEBVQPoint@@_N@Z.QT5CORE(?,?,?,?,?,00007FFDF6291325), ref: 00007FFDF62A64AA

GetWindowPlacement.USER32 ref: 00007FFDF6298E7E
IsWindowVisible.USER32 ref: 00007FFDF6298E8F
GetWindowLongPtrW.USER32 ref: 00007FFDF6298ECD
?translated@QRect@@QEBA?AV1@AEBVQPoint@@@Z.QT5CORE ref: 00007FFDF6298F5D
SetWindowPlacement.USER32 ref: 00007FFDF6298FA0
MoveWindow.USER32 ref: 00007FFDF6298FE4
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6298FF8

Part of subcall function 00007FFDF6294960: GetWindowPlacement.USER32 ref: 00007FFDF62949BE
Part of subcall function 00007FFDF6294960: ??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF62949F2
Part of subcall function 00007FFDF6294960: ?translated@QRect@@QEBA?AV1@AEBVQPoint@@@Z.QT5CORE ref: 00007FFDF6294A1E

?marginsRemoved@QRect@@QEBA?AV1@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6299037
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6299057
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF6299065
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF6299070
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6299080
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6299094
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF62990A7
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62990B7
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62990C4
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF62990E3
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62990EE
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62990F9
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6299104

Strings

to , xrefs: 00007FFDF6298DCA
new frame: , xrefs: 00007FFDF6298DF6
resulting , xrefs: 00007FFDF62990B0
from , xrefs: 00007FFDF6298D6E
QWindowsBaseWindow::setGeometry_sys, xrefs: 00007FFDF6298D37, 00007FFDF6299079
frame: , xrefs: 00007FFDF6298D9D

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$??6@Rect@@$Window$Logger@@MessageRect@@@Window@@$Category@@LoggingMargins@@@Placement$?debug@?margins?translated@?window@DebugEnabled@H00@PlatformPoint@@@Removed@Window@@@$?contains@Init_thread_footerLongMovePoint@@Point@@0@Point@@_Size@@@V0@_Visible
String ID: from $ resulting $ frame: $ new frame: $ to $QWindowsBaseWindow::setGeometry_sys
API String ID: 972927508-1440467865
Opcode ID: e8143b6a1625361cd3832c53460e88ca40120af244b451685133be8d742a2dd9
Instruction ID: 46adc40d4135cf9680918163694a41de7542d710e5b77437b55804289faf04aa
Opcode Fuzzy Hash: e8143b6a1625361cd3832c53460e88ca40120af244b451685133be8d742a2dd9
Instruction Fuzzy Hash: 0EE12B36B18A4297DB009FA5E8604AD77B4FB84B85B448036EA5E43FA9DF7CD509CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FADE0 Relevance: 77.1, APIs: 42, Strings: 2, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FADFF
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE09
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE13
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE1D
GetDC.USER32 ref: 00007FFDF62FAE25
CreateFontIndirectW.GDI32 ref: 00007FFDF62FAE31
ReleaseDC.USER32 ref: 00007FFDF62FAE44
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE51
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE5F
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE6D
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE7B
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE85
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE8F
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAE99
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAEA3
SelectObject.GDI32 ref: 00007FFDF62FAEBC
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,0000FFFF,?,00007FFDF62F5D55), ref: 00007FFDF62FAEC9
GetFontData.GDI32 ref: 00007FFDF62FAEE5
?resize@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF62FAEFC
?data@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FFDF62FAF06
GetFontData.GDI32 ref: 00007FFDF62FAF1E
??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF62FAF2D
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAF4C
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAF5A
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAF68
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAF76
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FAF80
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FAF8A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FAF94
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FAF9E
SelectObject.GDI32 ref: 00007FFDF62FAFAA
DeleteObject.GDI32 ref: 00007FFDF62FAFB3
ReleaseDC.USER32 ref: 00007FFDF62FAFBE
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAFCB
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAFD9
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAFE7
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FAFF5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62FAFFF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB009
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB013
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB01D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB027

Strings

name, xrefs: 00007FFDF62FAF16
name, xrefs: 00007FFDF62FAEDD

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteString@@V0@@$A@$$$??0?$F@@@@PointVector@$Url@@V0@$$$FontObject$DataReleaseSelect$?data@?resize@CreateDeleteIndirect
String ID: name$name
API String ID: 389826523-2543285679
Opcode ID: 4c95747d7c62e8a07b1054de7847d7941e868ba2c15ecbeb14eecc365828c74b
Instruction ID: c90f6a2ffc3cfed077bd3dcdf4e7912f788159e04e40b0c704e0c5c8b27382ff
Opcode Fuzzy Hash: 4c95747d7c62e8a07b1054de7847d7941e868ba2c15ecbeb14eecc365828c74b
Instruction Fuzzy Hash: 6471EC62B14917A7EB00EFB1E8648EC2375FB94B59B598031D91E53DA9EF3CD54AC300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6299D70 Relevance: 61.4, APIs: 25, Strings: 10, Instructions: 117windowCOMMON

Download Yara Rule

APIs

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6299D84
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6299DAA
?number@QByteArray@@SA?AV1@_KH@Z.QT5CORE ref: 00007FFDF6299DC0
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FFDF6299DD1
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6299DDF
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299DF8
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E13
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E2E
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E49
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E64
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E7F
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E9A
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299EB5
?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299ED0
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6299EF1
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF6299EFF
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6299F0F
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6299F26
??6@YA?AVQDebug@@V0@PEBVQPlatformSurface@@@Z.QT5GUI ref: 00007FFDF6299F3F
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6299F50
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFDF6299F61
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6299F6C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6299F77
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6299F85
SetWindowLongPtrW.USER32 ref: 00007FFDF6299FA3

Strings

WS_CHILD, xrefs: 00007FFDF6299E04
WS_MAXIMIZEBOX, xrefs: 00007FFDF6299EC1
WS_CLIPCHILDREN, xrefs: 00007FFDF6299E3A
WS_THICKFRAME, xrefs: 00007FFDF6299E55
WS_SYSMENU, xrefs: 00007FFDF6299E8B
WS_MINIMIZEBOX, xrefs: 00007FFDF6299EA6
WS_DLGFRAME, xrefs: 00007FFDF6299E70
QWindowsWindow::setStyle, xrefs: 00007FFDF6299F08
WS_CLIPSIBLINGS, xrefs: 00007FFDF6299E1F
WS_POPUP, xrefs: 00007FFDF6299DE9

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$?append@$Debug@@$??6@Logger@@MessagePlatformWindow@@$?debug@?number@?window@Array@@@Category@@DebugEnabled@H00@LoggingLongSurface@@@V1@@V1@_WindowWindow@@@
String ID: WS_CHILD$ WS_CLIPCHILDREN$ WS_CLIPSIBLINGS$ WS_DLGFRAME$ WS_MAXIMIZEBOX$ WS_MINIMIZEBOX$ WS_POPUP$ WS_SYSMENU$ WS_THICKFRAME$QWindowsWindow::setStyle
API String ID: 3261088342-3177746206
Opcode ID: 8ad41b6ab076ba4618e6628cfec730b99fb6099927632468873b2b51477ff49c
Instruction ID: 8d20c89fcfe4541a1ef2ade40c33806f414a03fe6ea0392d1087a2becff4f463
Opcode Fuzzy Hash: 8ad41b6ab076ba4618e6628cfec730b99fb6099927632468873b2b51477ff49c
Instruction Fuzzy Hash: 0E518322B08A4293EB10AF74F864AE96365FBC1755F898131C56E43EEEEE3CD109C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F7D10 Relevance: 58.0, APIs: 30, Strings: 3, Instructions: 223windowCOMMON

Download Yara Rule

APIs

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7D64

Part of subcall function 00007FFDF62F6370: ?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F6383
Part of subcall function 00007FFDF62F6370: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F6419
Part of subcall function 00007FFDF62F6370: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F6427

Part of subcall function 00007FFDF62F7930: ??0QFontDatabase@@QEAA@XZ.QT5GUI ref: 00007FFDF62F7964
Part of subcall function 00007FFDF62F7930: ?writingSystems@QFontDatabase@@QEBA?AV?$QList@W4WritingSystem@QFontDatabase@@@@AEBVQString@@@Z.QT5GUI ref: 00007FFDF62F7975
Part of subcall function 00007FFDF62F7930: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F7981
Part of subcall function 00007FFDF62F7930: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F798D
Part of subcall function 00007FFDF62F7930: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F7A1B
Part of subcall function 00007FFDF62F7930: GetUserDefaultLangID.KERNEL32 ref: 00007FFDF62F7A39
Part of subcall function 00007FFDF62F7930: ??0QFontDatabase@@QEAA@XZ.QT5GUI ref: 00007FFDF62F7AA4
Part of subcall function 00007FFDF62F7930: ?families@QFontDatabase@@QEBA?AVQStringList@@W4WritingSystem@1@@Z.QT5GUI ref: 00007FFDF62F7AB5
Part of subcall function 00007FFDF62F7930: ?fromLatin1@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FFDF62F7AE3

Part of subcall function 00007FFDF62F6370: ?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FFDF62F6447
Part of subcall function 00007FFDF62F6370: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F6471
Part of subcall function 00007FFDF62F6370: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F647D
Part of subcall function 00007FFDF62F6370: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62F6497

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7DD8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F7DE6
?fallbacksForFamily@QPlatformFontDatabase@@UEBA?AVQStringList@@AEBVQString@@W4Style@QFont@@W4StyleHint@5@W4Script@QChar@@@Z.QT5GUI ref: 00007FFDF62F7E0B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7E67
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F7E75
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F7E8D
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62F7EB5
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F7EC2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F7ED2
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F7EDE
?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AEAV1@HPEBUQMetaObject@@PEBD@Z.QT5CORE ref: 00007FFDF62F7F0C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7F16
?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AEAV1@HPEBUQMetaObject@@PEBD@Z.QT5CORE ref: 00007FFDF62F7F3A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F7F44
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62F7F50
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F7F7F
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F7F8A
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F7F93
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62F7F9F
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F7FB4
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F7FCE
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F7FDA
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F7FEF
??6QTextStream@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62F8008
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F801D
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8027
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8031
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F803B
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8045

Strings

Style, xrefs: 00007FFDF62F7EF9
StyleHint, xrefs: 00007FFDF62F7F23
QWindowsFontDatabase::fallbacksForFamily, xrefs: 00007FFDF62F7ECB

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Data@@List$FontString@@$Database@@$?dispose@Data@1@@MetaString@@@$?begin@?end@$?qt_Enum_debugList@@Logger@@MessageObject@@Operator@@StringWriting$?debug@?fallbacks?families@?from?size@?writingArray@@ByteCategory@@Char@@@Database@@@@DebugDefaultEmpty@Enabled@Family@Font@@H00@Hint@5@LangLatin1@List@LoggingPlatformScript@Stream@@StyleStyle@System@System@1@@Systems@TextUserV0@@
String ID: QWindowsFontDatabase::fallbacksForFamily$Style$StyleHint
API String ID: 1338076830-1179042823
Opcode ID: 49270d2ece49cdc338daaeaae1875397167f8ff45ef6096f429c67eab911f46f
Instruction ID: 5faeeb992f81b0cb3b5cf6daf6d28d0ef7134148d37b4a2662aea6250248d4c9
Opcode Fuzzy Hash: 49270d2ece49cdc338daaeaae1875397167f8ff45ef6096f429c67eab911f46f
Instruction Fuzzy Hash: 48A14936B09A4286EB109FB5E8609EC23B9FB54B99B494135DE1E43FA9DF3CD509C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629A120 Relevance: 57.9, APIs: 32, Strings: 1, Instructions: 165windowCOMMON

Download Yara Rule

APIs

?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629A131
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF629A142
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF629A16B
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629A17C
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629A18C
??6@YA?AVQDebug@@V0@PEBVQPlatformSurface@@@Z.QT5GUI ref: 00007FFDF629A1B0
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF629A1C4
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF629A1D1
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF629A1DD
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629A1EB
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629A1F9
GetWindowLongPtrW.USER32 ref: 00007FFDF629A223
?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFDF629A245
?geometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FFDF629A259
??0QRegion@@QEAA@AEBVQRect@@W4RegionType@0@@Z.QT5GUI ref: 00007FFDF629A287
?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFDF629A295
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629A2BA
??$handleExposeEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SAXPEAVQWindow@@AEBVQRegion@@@Z.QT5GUI ref: 00007FFDF629A2CB
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF629A2D8
?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ.QT5GUI ref: 00007FFDF629A2E1
?parent@QWindow@@QEBAPEAV1@XZ.QT5GUI ref: 00007FFDF629A2F3
?focusWindow@QGuiApplication@@SAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629A302

Part of subcall function 00007FFDF62A1690: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF62914BE), ref: 00007FFDF62A16EC
Part of subcall function 00007FFDF62A1690: _Init_thread_footer.LIBCMT ref: 00007FFDF62A1705

GetCapture.USER32 ref: 00007FFDF629A326
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629A343
?flags@QWindow@@QEBA?AV?$QFlags@W4WindowType@Qt@@@@XZ.QT5GUI ref: 00007FFDF629A354
ShowWindow.USER32 ref: 00007FFDF629A365
SetWindowPos.USER32 ref: 00007FFDF629A396
??0QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF629A3A4
?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFDF629A3B0
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629A3CD
??$handleExposeEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SAXPEAVQWindow@@AEBVQRegion@@@Z.QT5GUI ref: 00007FFDF629A3D9
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF629A3E6

Strings

QWindowsWindow::setVisible, xrefs: 00007FFDF629A185

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window@@$Window$Debug@@$Region@@$Platform$?window@System$Rect@@$??$handle??6@?geometry@Category@@DefaultDelivery@Empty@Event@ExposeInterface@@Interface@@@Logger@@LoggingMessageRegion@@@Type@$?debug@?flags@?focus?parent@?type@Application@@CaptureDebugEnabled@Flags@H00@Init_thread_footerLongQt@@Qt@@@@RegionShowSurface@@@Type@0@@V0@_Window@Window@@@
String ID: QWindowsWindow::setVisible
API String ID: 3453942269-973687656
Opcode ID: 8887ecb58c79dedf98df2250aee1ad991c231bdd2c74bb1e690bce98bcb634e2
Instruction ID: 3b87358d5ad050ff7709d7d5a59da6a2318a50e84cec4b53413e6a282183a07c
Opcode Fuzzy Hash: 8887ecb58c79dedf98df2250aee1ad991c231bdd2c74bb1e690bce98bcb634e2
Instruction Fuzzy Hash: 88715E22B0874287EB60AB75E864BA973A5FB85B55F488035CA9E43B9DDF3CD449C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62ABCF0 Relevance: 49.1, APIs: 24, Strings: 4, Instructions: 117windowCOMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00007FFDF62ABD15
GetSystemMetrics.USER32 ref: 00007FFDF62ABD3F
GetSystemMetrics.USER32 ref: 00007FFDF62ABD4D
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABD5D
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABD94
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDA2
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDB2
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDC2
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDD2
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDDD
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDED
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABDF8
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE08
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE18
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE28
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE34
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE44
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE4F
??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE5A
??0QTouchDevice@@QEAA@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE6D
?setType@QTouchDevice@@QEAAXW4DeviceType@1@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE80
?type@QTouchDevice@@QEBA?AW4DeviceType@1@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABE8E
?setCapabilities@QTouchDevice@@QEAAXV?$QFlags@W4CapabilityFlag@QTouchDevice@@@@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABEA4
?setMaximumTouchPoints@QTouchDevice@@QEAAXH@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62A0EDA), ref: 00007FFDF62ABEAF

Strings

Max touch points:, xrefs: 00007FFDF62ABE3D
Tablet PC:, xrefs: 00007FFDF62ABE21
Digitizers:, xrefs: 00007FFDF62ABDAB
Ready:, xrefs: 00007FFDF62ABDE6

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Touch$Device@@$Stream@@TextV1@@$?setMetricsSystem$DeviceLogger@@Message$?debug@?type@Capabilities@CapabilityCategory@@DebugDevice@@@@@Enabled@Flag@Flags@H00@LoggingMaximumPoints@Type@Type@1@Type@1@@
String ID: Digitizers:$Max touch points:$Ready:$Tablet PC:
API String ID: 1074269435-3611611755
Opcode ID: 2bef38b386863913f2b56ee0f0bf40de75677071431523924f2bfa33c5d2c8dc
Instruction ID: 85b62b87d79ea2ccf00e2d3cc8b06c2f3338b74ab21f907fe98ac863580882a6
Opcode Fuzzy Hash: 2bef38b386863913f2b56ee0f0bf40de75677071431523924f2bfa33c5d2c8dc
Instruction Fuzzy Hash: 86517126B08B0283EB04ABB1F8246B923E9FF84B91F458035DD5E43FA9DE7CE4158700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D0104C0 Relevance: 47.4, APIs: 18, Strings: 9, Instructions: 147windowCOMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0104DC
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE ref: 00007FF60D0104ED
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D0104FB
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D010519
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D010527
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D010532
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D010540
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D010551
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D01055C
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60D01056E
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60D01057B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60D01058C
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60D010599
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60D0105A4
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FF60D0105B2
?data@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FF60D0105BC

Part of subcall function 00007FF60D010BD0: _stat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF60D010C47
Part of subcall function 00007FF60D010BD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D010C96

??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0105D5
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0105E0

Part of subcall function 00007FF60D00F740: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF60D00F785

Part of subcall function 00007FF60D00F910: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF60D00F955

Strings

/api/v1/line/(\d+)/disconnect, xrefs: 00007FF60D01067E
/api/v1/line/(\d+)/resetbuffer, xrefs: 00007FF60D0106A9
/image.jpg, xrefs: 00007FF60D010628
/api/v1/hello, xrefs: 00007FF60D0105FD
/api/v1/crosslines, xrefs: 00007FF60D01072A
getWEBFolder: , xrefs: 00007FF60D010582
/api/v1/line/(\d+)/streamid, xrefs: 00007FF60D0106D4, 00007FF60D0106FF
/WEB, xrefs: 00007FF60D01050E
/api/v1/read, xrefs: 00007FF60D010653

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@Byte$Debug@@$Init@locale@std@@Locimp@12@_Logger@@MessageV0@@$?append@?application?data@?debug@?fromApplication@@Bit@CoreLocal8Path@String@@@Utf8@V1@@_invalid_parameter_noinfo_noreturn_stat64i32
String ID: /WEB$/api/v1/crosslines$/api/v1/hello$/api/v1/line/(\d+)/disconnect$/api/v1/line/(\d+)/resetbuffer$/api/v1/line/(\d+)/streamid$/api/v1/read$/image.jpg$getWEBFolder:
API String ID: 4255260187-296516890
Opcode ID: 8e7436b6fcd4fdc078b7c5c834cbfa2da7d59dc10842da190a3aec3a0569fcc5
Instruction ID: 70cd17686daad07f63007461d4806463f8c89ebadeb2a01d76cf44b8042789c2
Opcode Fuzzy Hash: 8e7436b6fcd4fdc078b7c5c834cbfa2da7d59dc10842da190a3aec3a0569fcc5
Instruction Fuzzy Hash: 2471FD32A05B42E9EB11DF61E8441EC3774FF44358FA41236DA4E92A68FF78D69AC344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F5780 Relevance: 47.4, APIs: 24, Strings: 3, Instructions: 143registrywindowCOMMON

Download Yara Rule

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62F57AE
RegOpenKeyExW.ADVAPI32 ref: 00007FFDF62F57D5
memset.VCRUNTIME140 ref: 00007FFDF62F57FF
RegQueryValueExW.ADVAPI32 ref: 00007FFDF62F5829
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62F5842
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62F5850
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F585B
RegCloseKey.ADVAPI32 ref: 00007FFDF62F5866
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F5871
??0QFile@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F5889
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE ref: 00007FFDF62F58A1
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F58B3
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62F58D7
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F58E5
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F58F5
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62F5903
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F590E
??1QFile@@UEAA@XZ.QT5CORE ref: 00007FFDF62F5919
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF62F5939

Part of subcall function 00007FFDF62F3A40: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F3AB7
Part of subcall function 00007FFDF62F3A40: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F3AC5

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F59A7
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62F59B5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62F59C0
??1QFile@@UEAA@XZ.QT5CORE ref: 00007FFDF62F59CB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F59E6

Strings

EUDC\1252, xrefs: 00007FFDF62F57C7
SystemDefaultEUDCFont, xrefs: 00007FFDF62F5813
Unable to open default EUDC font:, xrefs: 00007FFDF62F58EE

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Debug@@File@@$?dispose@Array@@ByteData@1@@Data@@ListLogger@@MessageOpenString@@@$??0?$?from?open@?read?warning@All@Array@Category@@CharCloseDevice@@Device@@@@@Empty@Enabled@F@@@@Flag@Flags@H00@LoggingModePointQueryUrl@@V0@$$V0@@ValueVector@Warningmemset
String ID: EUDC\1252$SystemDefaultEUDCFont$Unable to open default EUDC font:
API String ID: 1216839686-3770364387
Opcode ID: ef8e345c9ef45600d100b9bd43e96832bf0336a106d90ca98e619bfae7d47cc6
Instruction ID: b1547f1ae60c468267b3d4fee29cab8ef1fbadb2366bdfd3cd2b888a28c4addc
Opcode Fuzzy Hash: ef8e345c9ef45600d100b9bd43e96832bf0336a106d90ca98e619bfae7d47cc6
Instruction Fuzzy Hash: 2B616232718A82D3EB109F65E8649AA73A4FF90794F444132DA9E43EADDF3CD549C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A19A0 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 165COMMON

Download Yara Rule

APIs

?flags@QWindow@@QEBA?AV?$QFlags@W4WindowType@Qt@@@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF6293585), ref: 00007FFDF62A19CE
?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF62A1A1F
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A1A28
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1A44
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1A86
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1AAF
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B07
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B36
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B65
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1B94
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A1BC2
GetSysColorBrush.USER32 ref: 00007FFDF62A1BCD
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62A1BDE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1C0B

Strings

SaveBits, xrefs: 00007FFDF62A1B49
_q_windowsDropShadow, xrefs: 00007FFDF62A1A0B
DropShadow, xrefs: 00007FFDF62A1B1A
Popup, xrefs: 00007FFDF62A1AEB
Icon, xrefs: 00007FFDF62A1BA6
Tool, xrefs: 00007FFDF62A1ADB
ToolTip, xrefs: 00007FFDF62A1ACB
OwnDC, xrefs: 00007FFDF62A1B78
Qt5QWindow, xrefs: 00007FFDF62A1A93

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?append@Latin1String@@@$Variant@@$??0?$?flags@?property@Array@@Bool@BrushByteColorF@@@@Flags@Object@@PointQt@@@@Type@V0@@Vector@WindowWindow@@
String ID: DropShadow$Icon$OwnDC$Popup$Qt5QWindow$SaveBits$Tool$ToolTip$_q_windowsDropShadow
API String ID: 3133559267-1001497984
Opcode ID: 75877db365945e7d2d582fddbeac82861bcf2c97084d64449190aed6ed1617d7
Instruction ID: 6f51549ece94cf65a1564ec43a24cec7921316cccf634be0a1d775347faaf88e
Opcode Fuzzy Hash: 75877db365945e7d2d582fddbeac82861bcf2c97084d64449190aed6ed1617d7
Instruction Fuzzy Hash: 7B718C32B04B12AAF7009FA4D8945FC33B9BB54768F444931DE6D52E98EFB8D288C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FA440 Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 122windowCOMMON

Download Yara Rule

APIs

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62FA466
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62FA48B
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62FA499
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62FA4A5
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62FA4B0
?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF62FA4B9
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62FA4D0
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62FA51E
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62FA52C
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62FA53C
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF62FA548
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF62FA553
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62FA55E

Part of subcall function 00007FFDF62FA1D0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE ref: 00007FFDF62FA22C
Part of subcall function 00007FFDF62FA1D0: _Init_thread_footer.LIBCMT ref: 00007FFDF62FA245

GetDC.USER32 ref: 00007FFDF62FA573
?toWCharArray@QString@@QEBAHPEA_W@Z.QT5CORE ref: 00007FFDF62FA58F
?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF62FA598
EnumFontFamiliesExW.GDI32 ref: 00007FFDF62FA5D9
ReleaseDC.USER32 ref: 00007FFDF62FA5E4
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF62FA61C
??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE ref: 00007FFDF62FA662
_Init_thread_footer.LIBCMT ref: 00007FFDF62FA67B

Strings

Unable to enumerate family ', xrefs: 00007FFDF62FA535
qt.qpa.fonts, xrefs: 00007FFDF62FA654

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Category@@Logger@@LoggingMessage$String@@$?length@Enabled@H00@Init_thread_footerString@@@$?debug@?free_helper@?warning@Array@CharData@@DebugEnumFamiliesFontHashNode@1@@ReleaseWarning
String ID: Unable to enumerate family '$qt.qpa.fonts
API String ID: 3244261470-3558839791
Opcode ID: cb6cf8e06c2c2125a33903cd67acd959e604744acba50c775d728a0d0fa29dbc
Instruction ID: 3f08c82f30727b7ef48f26ea4d9a0d77a5a45807b109237427f4f0dec64b2df6
Opcode Fuzzy Hash: cb6cf8e06c2c2125a33903cd67acd959e604744acba50c775d728a0d0fa29dbc
Instruction Fuzzy Hash: 77515125B08647C2EB10AB74E874AB963A8FF94B45F458135D96E83EE9DF3CD049C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A22B0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 117windowCOMMON

Download Yara Rule

APIs

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A22C0
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62A22E5
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A22F6
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2306
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A2311
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A231F
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A2373
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF62A23C3
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A23D4
?noquote@QDebug@@QEAAAEAV1@XZ.QT5CORE ref: 00007FFDF62A23DD
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2406
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A2411
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A2421
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFDF62A242D
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A243D
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF62A2448
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A2456
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF62A2461

Part of subcall function 00007FFDF62A1690: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF62914BE), ref: 00007FFDF62A16EC
Part of subcall function 00007FFDF62A1690: _Init_thread_footer.LIBCMT ref: 00007FFDF62A1705

Strings

) failed: , xrefs: 00007FFDF62A241A
SetProcessDPIAware() failed, xrefs: 00007FFDF62A2495
SetProcessDpiAwareness(, xrefs: 00007FFDF62A23F9
QWindowsContext::setProcessDpiAwareness, xrefs: 00007FFDF62A22FF
, using , xrefs: 00007FFDF62A2436

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Logger@@Message$Category@@Logging$ByteDebugEnabled@$?debug@?noquote@?warning@Array@@Array@@@H00@Init_thread_footer
String ID: ) failed: $, using $QWindowsContext::setProcessDpiAwareness$SetProcessDPIAware() failed$SetProcessDpiAwareness(
API String ID: 172095700-2330795746
Opcode ID: b0616860d3ff119c406ce881539768ffe182f8c807bcb98c5df8e73876c4ef31
Instruction ID: 5d4bccb9ad90fdfffb412672bfc307d7b4e43c4a678bb420bacd975c6d204433
Opcode Fuzzy Hash: b0616860d3ff119c406ce881539768ffe182f8c807bcb98c5df8e73876c4ef31
Instruction Fuzzy Hash: 22518921B0974292EB14AB61F824BB923E9BF84B80F494035D96D87FEDEF7CE4458300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6295740 Relevance: 36.9, APIs: 20, Strings: 1, Instructions: 155windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6294960: GetWindowPlacement.USER32 ref: 00007FFDF62949BE
Part of subcall function 00007FFDF6294960: ??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF62949F2
Part of subcall function 00007FFDF6294960: ?translated@QRect@@QEBA?AV1@AEBVQPoint@@@Z.QT5CORE ref: 00007FFDF6294A1E

?marginsRemoved@QRect@@QEBA?AV1@AEBVQMargins@@@Z.QT5CORE ref: 00007FFDF6295782
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62957A1
?size@QRect@@QEBA?AVQSize@@XZ.QT5CORE ref: 00007FFDF62957F8
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF629584C
??0QRegion@@QEAA@AEBVQRect@@W4RegionType@0@@Z.QT5GUI ref: 00007FFDF629585C
?isEmpty@QRegion@@QEBA_NXZ.QT5GUI ref: 00007FFDF6295866
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6295876
??$handleExposeEvent@UDefaultDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SAXPEAVQWindow@@AEBVQRegion@@@Z.QT5GUI ref: 00007FFDF6295883
??1QRegion@@QEAA@XZ.QT5GUI ref: 00007FFDF629588C
?flushWindowSystemEvents@QWindowSystemInterface@@SA_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z.QT5GUI ref: 00007FFDF62958BC
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62958D5
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62958FD
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629590A
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629591A
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629592D
??6@YA?AVQDebug@@V0@PEBVQPlatformSurface@@@Z.QT5GUI ref: 00007FFDF6295941
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6295951
??6@YA?AVQDebug@@V0@AEBVQRect@@@Z.QT5CORE ref: 00007FFDF6295962
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629596C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF6295976

Strings

QWindowsWindow::handleGeometryChange, xrefs: 00007FFDF6295913

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@Window@@$Rect@@$Window$PlatformSystem$??6@?window@Region@@$Interface@@Logger@@MessagePoint@@Size@@@$??$handle?debug@?flush?margins?size@?translated@Category@@DebugDefaultDelivery@Empty@Enabled@EventEvent@EventsEvents@ExposeFlag@Flags@H00@Interface@@@LoggingLoop@@@@@Margins@@@PlacementPoint@@@ProcessRect@@@RegionRegion@@@Removed@Size@@Surface@@@Type@0@@Window@@@
String ID: QWindowsWindow::handleGeometryChange
API String ID: 733305306-3577234724
Opcode ID: 0e34cd8cd6c0b83daf480887591fe9bd4afa12b8c3daf7870e6fd29293d99924
Instruction ID: 68ddf9efa709a27a6860768e3a1b6182995d12d4e50956b577e38777dada452a
Opcode Fuzzy Hash: 0e34cd8cd6c0b83daf480887591fe9bd4afa12b8c3daf7870e6fd29293d99924
Instruction Fuzzy Hash: 6F613C33B04A069BEB04DF78D5A45EC33A4FB84788B448131DA5E57E99EF38E559C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62BE400 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 91windowCOMMON

Download Yara Rule

APIs

?focusObject@QGuiApplication@@SAPEAVQObject@@XZ.QT5GUI ref: 00007FFDF62BE409
?focusWindow@QGuiApplication@@SAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62BE41D
?mimeData@QDrag@@QEBAPEAVQMimeData@@XZ.QT5GUI ref: 00007FFDF62BE432
?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ.QT5GUI ref: 00007FFDF62BE444
?mimeData@QDrag@@QEBAPEAVQMimeData@@XZ.QT5GUI ref: 00007FFDF62BE456
?mimeData@QDrag@@QEBAPEAVQMimeData@@XZ.QT5GUI ref: 00007FFDF62BE473
?inputMethodAccepted@QPlatformInputContext@@QEBA_NXZ.QT5GUI ref: 00007FFDF62BE488
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62BE4A6
ImmAssociateContext.IMM32 ref: 00007FFDF62BE576

Part of subcall function 00007FFDF62A1330: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE ref: 00007FFDF62A138C
Part of subcall function 00007FFDF62A1330: _Init_thread_footer.LIBCMT ref: 00007FFDF62A13A5

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62BE4CF
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62BE4DD
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62BE4ED
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF62BE501
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF62BE514
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62BE524
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE ref: 00007FFDF62BE531
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62BE53C
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62BE547

Strings

QWindowsInputContext::updateEnabled, xrefs: 00007FFDF62BE4E6
accepted=, xrefs: 00007FFDF62BE51D

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Window@@$?mimeData@Data@@Drag@@Mime$?focusApplication@@Category@@Logger@@LoggingMessagePlatform$??6@?debug@?input?type@?window@Accepted@AssociateContextContext@@DebugEnabled@H00@Init_thread_footerInputMethodObject@Object@@Qt@@Type@V0@_WindowWindow@Window@@@
String ID: QWindowsInputContext::updateEnabled$accepted=
API String ID: 1867459339-1051743838
Opcode ID: 791a1fdacafdba55d21f533b1998f026f014d065960e18d7f604d4f16d7f4661
Instruction ID: f4d3b11d270581520bd6ca173908eb2558a99fc9d716ceadbba792fc0643cdb0
Opcode Fuzzy Hash: 791a1fdacafdba55d21f533b1998f026f014d065960e18d7f604d4f16d7f4661
Instruction Fuzzy Hash: CA415332F09A0283EB54AB65E8749B923E5FF84B91F484035D96E47FE9EE2CE445C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A5390 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 300windowCOMMON

Download Yara Rule

APIs

EnumDisplayMonitors.USER32 ref: 00007FFDF62A53C3
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF62A5477
??0QPlatformScreen@@QEAA@XZ.QT5GUI ref: 00007FFDF62A54A7
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF62A5516
memmove.VCRUNTIME140 ref: 00007FFDF62A555D
memmove.VCRUNTIME140 ref: 00007FFDF62A55A8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62A55C9
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF62A5625
?handleScreenAdded@QWindowSystemInterface@@SAXPEAVQPlatformScreen@@_N@Z.QT5GUI ref: 00007FFDF62A5639
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62A5647
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62A566C
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62A567A
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62A568A
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A56B2
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62A56BD
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF62A5733
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A57F1
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF62A580C

Strings

New Monitor: , xrefs: 00007FFDF62A5683

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Data@@Debug@@List$??8@?dispose@Data@1@@Logger@@MessagePlatformString@@0@memmove$?append@?debug@?detach_grow@?handleAdded@Category@@Data@1@DebugDisplayEnabled@EnumH00@Interface@@LoggingMonitorsScreenScreen@@Screen@@_String@@SystemWindow
String ID: New Monitor:
API String ID: 2686493274-2490063001
Opcode ID: 4bf9eab38f14c2641e7a43df18a7714a47cd0acbaefbed381e413119bb1be820
Instruction ID: 39def677a5d07352c7f5c9c5e44922afddb53762b949abe06b3c3e3c4fa0229c
Opcode Fuzzy Hash: 4bf9eab38f14c2641e7a43df18a7714a47cd0acbaefbed381e413119bb1be820
Instruction Fuzzy Hash: 63D1C632B18A8292DB10DF64D460ABE77A5FB81B94F058132DA6D57BE9DF7CD445C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FC2C0 Relevance: 33.2, APIs: 22, Instructions: 165COMMON

Download Yara Rule

APIs

?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FC2F7
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FC30B
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC330
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC33E
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62FC355
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62FC363
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC38B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC395
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFDF62FC3C7
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF62FC3F8
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62FC40D
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62FC41B
?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFDF62FC447
?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFDF62FC46B
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC486
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC494
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC4A7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC4B1
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC4C7
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62FC4D8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC4FD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC507

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@ByteV0@@$Data@@HashHash@@$?fromArray@Char$?allocate?detach_helper@?free_helper@?willGrow@Node@Node@1@Node@1@@
String ID:
API String ID: 939731722-0
Opcode ID: 2bab91701eeb22162f8036f84dd80cc3a28acd9805e6fd0ddc131cad3741c3e3
Instruction ID: fbff4a7577bfb62efecb41c5a42fff7a9296014e5841f1b364079ec4e2b64c18
Opcode Fuzzy Hash: 2bab91701eeb22162f8036f84dd80cc3a28acd9805e6fd0ddc131cad3741c3e3
Instruction Fuzzy Hash: FC717E36B04A5296EB10DFA5E8608ED77B4FB94B94B458031CE2E93EA9DF38D549C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629B5E0 Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 148windowCOMMON

Download Yara Rule

APIs

?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629B61B
?flags@QWindow@@QEBA?AV?$QFlags@W4WindowType@Qt@@@@XZ.QT5GUI ref: 00007FFDF629B62C
?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ.QT5GUI ref: 00007FFDF629B635
?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF629B640
?windowStates@QWindow@@QEBA?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5GUI ref: 00007FFDF629B656
IsWindowVisible.USER32 ref: 00007FFDF629B66C
GetWindowLongPtrW.USER32 ref: 00007FFDF629B6D3
?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF629B705
?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFDF629B71A
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF629B731
?windowStates@QWindow@@QEBA?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5GUI ref: 00007FFDF629B749
ShowWindow.USER32 ref: 00007FFDF629B761
GetWindowLongPtrW.USER32 ref: 00007FFDF629B787
SetWindowPos.USER32 ref: 00007FFDF629B7B9
GetWindowPlacement.USER32 ref: 00007FFDF629B7D8
SetWindowPlacement.USER32 ref: 00007FFDF629B7EF

Strings

,, xrefs: 00007FFDF629B7D0
_q_showWithoutActivating, xrefs: 00007FFDF629B6F6

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window$Window@@$Flags@Qt@@@@Variant@@$?windowLongPlacementState@States@Type@$?flags@?property@?type@?window@Bool@Level@Object@@PlatformQt@@ShowVisible
String ID: ,$_q_showWithoutActivating
API String ID: 1492462161-3675458727
Opcode ID: 5b84b9ad4c640b734f049e9d2e8acc3a4fe4a5611cfce2b08158ea28a21a1074
Instruction ID: 7fe3678ceb6cf7bd377287ed40f0742254f0e2e368d4806c1f6fa6ceb6b5ddeb
Opcode Fuzzy Hash: 5b84b9ad4c640b734f049e9d2e8acc3a4fe4a5611cfce2b08158ea28a21a1074
Instruction Fuzzy Hash: E151AF22B0864282EB509F61E464BBE63A4FBC5B99F584130CE6E87ADDCF3CE445D700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62C14C0 Relevance: 31.6, APIs: 21, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF62BF310: ??1QFont@@QEAA@XZ.QT5GUI(?,00000246C821BF60,?,00007FFDF62C14EE), ref: 00007FFDF62BF36B

?desktopSettingsAware@QGuiApplication@@SA_NXZ.QT5GUI ref: 00007FFDF62C14EE

Part of subcall function 00007FFDF62A1730: memset.VCRUNTIME140(?,?,?,?,00000246C821BF60,00007FFDF62C150F), ref: 00007FFDF62A1747

Part of subcall function 00007FFDF62F4B40: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?,?,?,?,00000246C821BF60,00007FFDF62C1522), ref: 00007FFDF62F4B71
Part of subcall function 00007FFDF62F4B40: ??0QFont@@QEAA@AEBVQString@@HH_N@Z.QT5GUI ref: 00007FFDF62F4B89
Part of subcall function 00007FFDF62F4B40: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F4B94
Part of subcall function 00007FFDF62F4B40: ?setStyle@QFont@@QEAAXW4Style@1@@Z.QT5GUI ref: 00007FFDF62F4BA5
Part of subcall function 00007FFDF62F4B40: ?weightFromInteger@QPlatformFontDatabase@@SA?AW4Weight@QFont@@H@Z.QT5GUI ref: 00007FFDF62F4BB2
Part of subcall function 00007FFDF62F4B40: ?setWeight@QFont@@QEAAXH@Z.QT5GUI ref: 00007FFDF62F4BBD
Part of subcall function 00007FFDF62F4B40: ?setPointSizeF@QFont@@QEAAXN@Z.QT5GUI ref: 00007FFDF62F4BE9
Part of subcall function 00007FFDF62F4B40: ?setUnderline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62F4BF9
Part of subcall function 00007FFDF62F4B40: ?setOverline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62F4C04
Part of subcall function 00007FFDF62F4B40: ?setStrikeOut@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62F4C14

?pointSize@QFont@@QEBAHXZ.QT5GUI ref: 00007FFDF62C1566
??0QFont@@QEAA@AEBVQString@@HH_N@Z.QT5GUI ref: 00007FFDF62C1591
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62C159C
?setStyleHint@QFont@@QEAAXW4StyleHint@1@W4StyleStrategy@1@@Z.QT5GUI ref: 00007FFDF62C15B0
SystemParametersInfoW.USER32 ref: 00007FFDF62C15C4

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Part of subcall function 00007FFDF62FC530: GetObjectW.GDI32 ref: 00007FFDF62FC569
Part of subcall function 00007FFDF62FC530: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FC582
Part of subcall function 00007FFDF62FC530: ??0QFont@@QEAA@AEBVQString@@HH_N@Z.QT5GUI ref: 00007FFDF62FC59A
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC5A4
Part of subcall function 00007FFDF62FC530: ?setStyle@QFont@@QEAAXW4Style@1@@Z.QT5GUI ref: 00007FFDF62FC5B5
Part of subcall function 00007FFDF62FC530: ?weightFromInteger@QPlatformFontDatabase@@SA?AW4Weight@QFont@@H@Z.QT5GUI ref: 00007FFDF62FC5C2
Part of subcall function 00007FFDF62FC530: ?setWeight@QFont@@QEAAXH@Z.QT5GUI ref: 00007FFDF62FC5CD
Part of subcall function 00007FFDF62FC530: ?setPointSizeF@QFont@@QEAAXN@Z.QT5GUI ref: 00007FFDF62FC5FB
Part of subcall function 00007FFDF62FC530: ?setUnderline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC60B
Part of subcall function 00007FFDF62FC530: ?setOverline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC616
Part of subcall function 00007FFDF62FC530: ?setStrikeOut@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC626
Part of subcall function 00007FFDF62FC530: ?family@QFont@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFDF62FC64E
Part of subcall function 00007FFDF62FC530: ??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF62FC65B
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC668
Part of subcall function 00007FFDF62FC530: ?setFamily@QFont@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FFDF62FC68A
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC694
Part of subcall function 00007FFDF62FC530: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62FC6A2

Part of subcall function 00007FFDF6380E9C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDF6380ED2

??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C1604
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C1622
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C1641
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C1660
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C167F
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C169E
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C16BD
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C16DB
??0QFont@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FFDF62C16FA
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C170B
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C1716
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C1721
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C172C
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C1737
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62C1741

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Font@@$?set$String@@$V0@@$Weight@$Style$?from?weightArray@CharDatabase@@FontFromInteger@Out@Overline@PlatformPointSizeStrikeString@@@Style@Style@1@@Underline@$?desktop?family@?pointApplication@@Aware@Category@@Concurrency::cancel_current_taskDebugEnabled@Family@Hint@Hint@1@InfoLatin1LoggingObjectParametersSettingsSize@Strategy@1@@Systemmallocmemset
String ID:
API String ID: 2877009166-0
Opcode ID: 7a339a32c99e6fc5fb08164172b985cb3e08ee42f4703974b16d904209106ea1
Instruction ID: a54a7b8051456899c85a115f9a023584abe8467119d2d0ffb14574774efa2033
Opcode Fuzzy Hash: 7a339a32c99e6fc5fb08164172b985cb3e08ee42f4703974b16d904209106ea1
Instruction Fuzzy Hash: F0615D32B08B4693EB44EBB0E864BE963A4FB85744F845431D69E07AD9DFBCE548C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629C530 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 111windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF629E380: ?qgetenv@@YA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3B1
Part of subcall function 00007FFDF629E380: ?fromLocal8Bit@QString@@SA?AV1@AEBVQByteArray@@@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3CC
Part of subcall function 00007FFDF629E380: ?setFilterRules@QLoggingCategory@@SAXAEBVQString@@@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3D5
Part of subcall function 00007FFDF629E380: ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3E0
Part of subcall function 00007FFDF629E380: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3EB

Part of subcall function 00007FFDF62E03A0: ??0QInternalMimeData@@QEAA@XZ.QT5GUI(?,?,?,00007FFDF629C55C,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62E03BB
Part of subcall function 00007FFDF62E03A0: ?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE(?,?,?,00007FFDF629C55C,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62E03EB

Part of subcall function 00007FFDF62E1AD0: ??0QPlatformDrag@@QEAA@XZ.QT5GUI(?,?,?,00007FFDF629C565,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62E1ADD
Part of subcall function 00007FFDF62E1AD0: ??0QInternalMimeData@@QEAA@XZ.QT5GUI(?,?,?,00007FFDF629C565,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62E1AF1

??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629C56E

Part of subcall function 00007FFDF62E7000: ??0QPlatformAccessibility@@QEAA@XZ.QT5GUI(?,?,00000000,00007FFDF629C58E,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62E7009

??0QPlatformServices@@QEAA@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629C595

Part of subcall function 00007FFDF62F2A70: ?qRegisterResourceData@@YA_NHPEBE00@Z.QT5CORE(?,?,?,?,00007FFDF629C5AE,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF62F2A8E

Part of subcall function 00007FFDF629D9D0: ?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF629DA62
Part of subcall function 00007FFDF629D9D0: ?endsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF629DAAB

?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z.QT5CORE ref: 00007FFDF629C5F3
?testAttribute@QCoreApplication@@SA_NW4ApplicationAttribute@Qt@@@Z.QT5CORE ref: 00007FFDF629C62B
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF629C64E
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF629C67E
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629C68F
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629C69F
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629C6AF
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF629C6BC
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629C6CC
??6QDebug@@QEAAAEAV0@J@Z.QT5CORE ref: 00007FFDF629C6D7
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629C6E5
?setCapability@QPlatformCursor@@SAXW4Capability@1@@Z.QT5GUI ref: 00007FFDF629C702

Strings

QWindowsIntegrationPrivate::QWindowsIntegrationPrivate, xrefs: 00007FFDF629C698
effective process DPI awareness=, xrefs: 00007FFDF629C6C5
DpiAwareness=, xrefs: 00007FFDF629C6A8

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$Attribute@Platform$?setByteData@@Qt@@@$ApplicationApplication@@Array@@CaseCategory@@CoreInternalLatin1Logger@@LoggingMessageMimeSensitivity@With@$?debug@?ends?from?qgetenv@@?starts?testAccessibility@@Array@@@Bit@Capability@Capability@1@@Cursor@@DebugDrag@@E00@Enabled@FilterH00@Local8Mode@0@@Mutex@@PostQt@@_RecursionRegisterResourceRoutine@@Rules@Services@@String@@@
String ID: DpiAwareness=$QWindowsIntegrationPrivate::QWindowsIntegrationPrivate$effective process DPI awareness=
API String ID: 810104716-2489009734
Opcode ID: 1aaaf8a89bd3a649de80d94fbc0c01564f1bfaaa373417d5d31dabefc8c7a476
Instruction ID: 703d4eac5db09df3ffbfdafdfb18fc3e1c872caed8f20f9a9215c42a7abb3031
Opcode Fuzzy Hash: 1aaaf8a89bd3a649de80d94fbc0c01564f1bfaaa373417d5d31dabefc8c7a476
Instruction Fuzzy Hash: 94514F32B0864293EB14AB70E460AB973A9FF80744F448135D6AE83EDADF7CE509C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EBFC0 Relevance: 29.8, APIs: 11, Strings: 6, Instructions: 67COMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EBFCD

Part of subcall function 00007FFDF66EC500: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFDF66EBFE2,?,?,?,?,?,00007FFDF6683517,?,?,00000000), ref: 00007FFDF66EC564
Part of subcall function 00007FFDF66EC500: ?currentThread@QThread@@SAPEAV1@XZ.QT5CORE ref: 00007FFDF66EC593
Part of subcall function 00007FFDF66EC500: ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFDF66EC59C
Part of subcall function 00007FFDF66EC500: ?qAddPreRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFDF66EC5AE
Part of subcall function 00007FFDF66EC500: ?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFDF66EC5BB
Part of subcall function 00007FFDF66EC500: ?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66EC653

?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC010
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC01B
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC03C
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC047
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC068
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC073
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC094
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC09F
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC0C7
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC0D2

Part of subcall function 00007FFDF66EFC40: ?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66EFC65
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFC89
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFCA0
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFCB7
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFCCD
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFCE3
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFCF9
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFD0F
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFD25
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFD3E
Part of subcall function 00007FFDF66EFC40: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66EFD57
Part of subcall function 00007FFDF66EFC40: ?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDVQGenericArgument@@222222222@Z.QT5CORE ref: 00007FFDF66EFDC0
Part of subcall function 00007FFDF66EFC40: ?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66EFDCD

Strings

2configurationRemoved(QNetworkConfiguration), xrefs: 00007FFDF66EC021
2configurationAdded(QNetworkConfiguration), xrefs: 00007FFDF66EBFEE
2configurationChanged(QNetworkConfiguration), xrefs: 00007FFDF66EC04D
2onlineStateChanged(bool), xrefs: 00007FFDF66EC079
2updateCompleted(), xrefs: 00007FFDF66EC0A5
2configurationUpdateComplete(), xrefs: 00007FFDF66EC0B8

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$GenericMeta$Argument@@Connection@Return$?connect@ConnectionQt@@@Type@$?lock@?unlock@Locker@@MutexMutex@@Routine@@Thread@Thread@@$?current?invoke?mainApplicationArgument@@222222222@CoreMethod@PostPrivate@@V0@@
String ID: 2configurationAdded(QNetworkConfiguration)$2configurationChanged(QNetworkConfiguration)$2configurationRemoved(QNetworkConfiguration)$2configurationUpdateComplete()$2onlineStateChanged(bool)$2updateCompleted()
API String ID: 3270969667-3342877338
Opcode ID: ce0c0b5bca2eafb7d167724e60653c25c92909a4ca7c1c4a114ea8042eaf994e
Instruction ID: ae6331bbded37a376dc5c137eb337eee5b04d3467487fe56a97d324ce306399f
Opcode Fuzzy Hash: ce0c0b5bca2eafb7d167724e60653c25c92909a4ca7c1c4a114ea8042eaf994e
Instruction Fuzzy Hash: 5C310F71618B4292DB108F40F8744AA7378FB99B84F540176EA9D43EACEF3DDA49C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EC500 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 84threadCOMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFDF66EBFE2,?,?,?,?,?,00007FFDF6683517,?,?,00000000), ref: 00007FFDF66EC564
?currentThread@QThread@@SAPEAV1@XZ.QT5CORE ref: 00007FFDF66EC593
?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFDF66EC59C
?qAddPreRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFDF66EC5AE
?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFDF66EC5BB
??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFDF66EC5DD
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66EC613
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66EC61E

Part of subcall function 00007FFDF66EFE40: ??0QDaemonThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE5F
Part of subcall function 00007FFDF66EFE40: ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE8F
Part of subcall function 00007FFDF66EFE40: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFE9A
Part of subcall function 00007FFDF66EFE40: ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEA0
Part of subcall function 00007FFDF66EFE40: ?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEAD
Part of subcall function 00007FFDF66EFE40: ?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEBA
Part of subcall function 00007FFDF66EFE40: ?start@QThread@@QEAAXW4Priority@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EFEC9
Part of subcall function 00007FFDF66EFE40: ?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66F0B45
Part of subcall function 00007FFDF66EFE40: ?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFDF66F0B78
Part of subcall function 00007FFDF66EFE40: ?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z.QT5CORE ref: 00007FFDF66F0B88
Part of subcall function 00007FFDF66EFE40: ?qEnvironmentVariableIntValue@@YAHPEBDPEA_N@Z.QT5CORE ref: 00007FFDF66F0BB8
Part of subcall function 00007FFDF66EFE40: ?keyMap@QFactoryLoader@@QEBA?AV?$QMultiMap@HVQString@@@@XZ.QT5CORE ref: 00007FFDF66F0BD4
Part of subcall function 00007FFDF66EFE40: ?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66F0C21

?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFDF66EC62C
?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE ref: 00007FFDF66EC638
?deleteLater@QObject@@QEAAXXZ.QT5CORE ref: 00007FFDF66EC641
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66EC653
??0QBasicMutex@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFDF66EBFE2,?,?,?,?,?,00007FFDF6683517,?,?,00000000), ref: 00007FFDF66EC687
_Init_thread_footer.LIBCMT ref: 00007FFDF66EC694

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Strings

1addPreAndPostRoutine(), xrefs: 00007FFDF66EC5FC
2destroyed(), xrefs: 00007FFDF66EC5F5

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Thread@$Thread@@$Private@@$?main?moveApplicationCoreMetaMutex@@Thread@@@$?lock@Connection@Map@Qt@@@Routine@@StringString@@$?cast@?connect@?current?delete?key?sender@?set?start@?unlock@BasicCaseConnectionDaemonEnvironmentFactoryInit_thread_footerLater@List@@List_contains@Loader@@Locker@@MultiMutexName@ObjectObject@@@PostPriority@1@@Sensitivity@String@@@String@@@@Type@V0@@V2@@Value@@Variablemalloc
String ID: 1addPreAndPostRoutine()$2destroyed()
API String ID: 3334590629-3033731886
Opcode ID: d0639e72c20dba94b22da7b02865ac3df37fee5c5b3fc8a04fe91b36dadaa902
Instruction ID: 10e9cfa1a507cd274c8589bfba404d49d35d2e6a1786cea0a2dbb80b16db0441
Opcode Fuzzy Hash: d0639e72c20dba94b22da7b02865ac3df37fee5c5b3fc8a04fe91b36dadaa902
Instruction Fuzzy Hash: 4441E921B08A4282EB049B12E8749797369BF94B84F440175D96E43FEDEF3CE986CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6294310 Relevance: 25.6, APIs: 17, Instructions: 142COMMON

Download Yara Rule

APIs

??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF6294368
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF6294373
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629437E
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF6294389
?screen@QWindow@@QEBAPEAVQScreen@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF62943C3
?primaryScreen@QGuiApplication@@SAPEAVQScreen@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF62943CB
?name@QScreen@@QEBA?AVQString@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF62943E4
??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF62943F9
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF6294418
?virtualSiblings@QScreen@@QEBA?AV?$QList@PEAVQScreen@@@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629443C
?name@QScreen@@QEBA?AVQString@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629447E
??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629448E
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629449F
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF62944E2
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF6294530
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF6292E53), ref: 00007FFDF629455B
_Init_thread_footer.LIBCMT ref: 00007FFDF6294574

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Screen@@String@@$??8@?dispose@?name@Array@@ByteData@1@@Data@@ListString@@0@$??0?$?primary?screen@?virtualApplication@@F@@@@Init_thread_footerList@PointScreen@Screen@@@@Siblings@Url@@V0@$$V0@@Vector@Window@@
String ID:
API String ID: 2228891076-0
Opcode ID: 6baa4a2d016c6349babd76d74eb9b3f66e8f5f157f69613482467b8b877c0cf7
Instruction ID: 33fae447a06f3dd13c233f24377321b77690d7725120b13e6bbcf02d7ac3439a
Opcode Fuzzy Hash: 6baa4a2d016c6349babd76d74eb9b3f66e8f5f157f69613482467b8b877c0cf7
Instruction Fuzzy Hash: 4B617622B0894282EB60EF60E9605B963A5FFD1764F998131C96E43EEDDF2CE449D710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6298AC0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6298AD8
?qt_window_private@@YAPEAVQWindowPrivate@@PEAVQWindow@@@Z.QT5GUI ref: 00007FFDF6298AE1
?moveTopLeft@QRect@@QEAAXAEBVQPoint@@@Z.QT5CORE ref: 00007FFDF6298B17
IsWindowVisible.USER32 ref: 00007FFDF6298B82
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z.QT5CORE ref: 00007FFDF6298B8C
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF6298BC3
??BQByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF6298BCC
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF6298BE1
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF6298BFB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6298C05
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6298C0F
?setGeometry@QPlatformWindow@@UEAAXAEBVQRect@@@Z.QT5GUI ref: 00007FFDF6298C25

Strings

QWindowsWindow::setGeometry, xrefs: 00007FFDF6298BEA
%s: %s, xrefs: 00007FFDF6298BF4

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteWindow@@$Logger@@MessagePlatformString@@Window$?event?move?qt_window_private@@?set?warning@?window@Bit@Event@@@Filter@Geometry@Left@Local8Object@@Point@@@Private@@Rect@@Rect@@@VisibleWindow@@@
String ID: %s: %s$QWindowsWindow::setGeometry
API String ID: 727306446-1033964765
Opcode ID: 058320bbe16274536a071f36e1ca8c2ae4423131828c8a88502c188a538a8221
Instruction ID: 2a35d26b8b68eebd7ba693d2c9439cccdba30df285e044b4f95a38e7e51345e6
Opcode Fuzzy Hash: 058320bbe16274536a071f36e1ca8c2ae4423131828c8a88502c188a538a8221
Instruction Fuzzy Hash: 4D410A63B046528AEB50DF75E860AE833B4FB58B5CF494135DA1E92A9DEF3CE584C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62987F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 79windowregistryCOMMON

Download Yara Rule

APIs

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF629881B
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298844
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298852
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298862
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298876
??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298889
??6QDebug@@QEAAAEAV0@_N@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298895
??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF62988A0
??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF62988AB
?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF62988C5
RegisterDragDrop.OLE32 ref: 00007FFDF62988E4

Part of subcall function 00007FFDF62A1450: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,00000000,00000000,00007FFDF6298818,?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF62A14AC
Part of subcall function 00007FFDF62A1450: _Init_thread_footer.LIBCMT ref: 00007FFDF62A14C5

CoLockObjectExternal.OLE32(?,?,?,?,?,?,?,?,00000000,00007FFDF6294233), ref: 00007FFDF6298917
RevokeDragDrop.OLE32 ref: 00007FFDF629892E

Strings

QWindowsWindow::setDropSiteEnabled, xrefs: 00007FFDF629885B

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Window@@$?window@Category@@DragDropLogger@@LoggingMessagePlatform$??6@?debug@DebugEnabled@ExternalH00@Init_thread_footerLockObjectRegisterRevokeV0@_Window@@@
String ID: QWindowsWindow::setDropSiteEnabled
API String ID: 1301423406-3096030987
Opcode ID: f0b3dae632206ed1c1c8f17c8d6a5468d54631d93c2d78ca4981b57936fd84de
Instruction ID: 9bb9c40ee40f09ea4ae99555b6ee1f658b6cf1f0f6915673700253816db15329
Opcode Fuzzy Hash: f0b3dae632206ed1c1c8f17c8d6a5468d54631d93c2d78ca4981b57936fd84de
Instruction Fuzzy Hash: 3E314236B08B4583EB04AB65E4647A973A5FFC5B84F488031DA6E47BA9DF3CE414C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6292DF0 Relevance: 24.3, APIs: 16, Instructions: 253COMMON

Download Yara Rule

APIs

?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF6292E31
?handle@QScreen@@QEBAPEAVQPlatformScreen@@XZ.QT5GUI ref: 00007FFDF6292E84
?contains@QRect@@QEBA_NAEBVQPoint@@_N@Z.QT5CORE ref: 00007FFDF6292EA4
?contains@QRect@@QEBA_NAEBVQPoint@@_N@Z.QT5CORE ref: 00007FFDF6292EBA
?virtualSiblings@QScreen@@QEBA?AV?$QList@PEAVQScreen@@@@XZ.QT5GUI ref: 00007FFDF6292EF1
?handle@QScreen@@QEBAPEAVQPlatformScreen@@XZ.QT5GUI ref: 00007FFDF6292F26
?contains@QRect@@QEBA_NAEBVQPoint@@_N@Z.QT5CORE ref: 00007FFDF6292F45
?center@QRect@@QEBA?AVQPoint@@XZ.QT5CORE ref: 00007FFDF6292F65
?center@QRect@@QEBA?AVQPoint@@XZ.QT5CORE ref: 00007FFDF6292F9A
?handle@QScreen@@QEBAPEAVQPlatformScreen@@XZ.QT5GUI ref: 00007FFDF6292FE3
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF629301E
??0QRect@@QEAA@AEBVQPoint@@0@Z.QT5CORE ref: 00007FFDF6293054
?center@QRect@@QEBA?AVQPoint@@XZ.QT5CORE ref: 00007FFDF6293062
?center@QRect@@QEBA?AVQPoint@@XZ.QT5CORE ref: 00007FFDF6293073
?contains@QRect@@QEBA_NAEBVQPoint@@_N@Z.QT5CORE ref: 00007FFDF62930F9
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF6293134

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Rect@@$Screen@@$Point@@$?center@?contains@Point@@_$?handle@Platform$?dispose@?virtualData@1@@Data@@Level@ListList@Point@@0@Screen@@@@Siblings@Size@@@Window@@
String ID:
API String ID: 2129943404-0
Opcode ID: 4f00600494a7cdc726688a5b58fdf145887d9e27f95df164264d02ba096ae8ca
Instruction ID: 7da8ef41230fc6ab75129323a3d516398d8af1f9d87022ee95212af6bab09daa
Opcode Fuzzy Hash: 4f00600494a7cdc726688a5b58fdf145887d9e27f95df164264d02ba096ae8ca
Instruction Fuzzy Hash: AAC12973B15A428BEB14CFB8D4909AC37B5F788B88B454125DE5E97B98DF38E449CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F8B70 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 88windowCOMMON

Download Yara Rule

APIs

??0QString@@QEAA@PEBVQChar@@H@Z.QT5CORE ref: 00007FFDF62F8B9C

Part of subcall function 00007FFDF62FBEF0: ?get@QThreadStorageData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62FBF4F
Part of subcall function 00007FFDF62FBEF0: SystemParametersInfoW.USER32 ref: 00007FFDF62FBFF0
Part of subcall function 00007FFDF62FBEF0: SystemParametersInfoW.USER32 ref: 00007FFDF62FC05E
Part of subcall function 00007FFDF62FBEF0: pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FFDF62FC0C1
Part of subcall function 00007FFDF62FBEF0: GetDC.USER32 ref: 00007FFDF62FC112
Part of subcall function 00007FFDF62FBEF0: CreateCompatibleDC.GDI32 ref: 00007FFDF62FC11E

Part of subcall function 00007FFDF62F7490: GetDC.USER32 ref: 00007FFDF62F74A6
Part of subcall function 00007FFDF62F7490: GetDeviceCaps.GDI32 ref: 00007FFDF62F74BC
Part of subcall function 00007FFDF62F7490: ReleaseDC.USER32 ref: 00007FFDF62F74CD

Part of subcall function 00007FFDF62F6B00: CreateFontIndirectW.GDI32 ref: 00007FFDF62F6BAE
Part of subcall function 00007FFDF62F6B00: ?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6BCA
Part of subcall function 00007FFDF62F6B00: SelectObject.GDI32 ref: 00007FFDF62F6BE5
Part of subcall function 00007FFDF62F6B00: GetTextMetricsW.GDI32 ref: 00007FFDF62F6BFC
Part of subcall function 00007FFDF62F6B00: ?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6C14
Part of subcall function 00007FFDF62F6B00: SelectObject.GDI32 ref: 00007FFDF62F6C46
Part of subcall function 00007FFDF62F6B00: DeleteObject.GDI32 ref: 00007FFDF62F6C4F
Part of subcall function 00007FFDF62F6B00: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?), ref: 00007FFDF62F6C7A
Part of subcall function 00007FFDF62F6B00: ??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF62F6C99
Part of subcall function 00007FFDF62F6B00: ?length@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF62F6CAD

?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62F8C04
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62F8C2D
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62F8C3B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F8C4B
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62F8C5B
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62F8C84
??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62F8C90
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8C9B
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8CA6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F8CB4

Strings

FONTDEF, xrefs: 00007FFDF62F8C54
QWindowsFontDatabase::fontEngine, xrefs: 00007FFDF62F8C44

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$Object$CreateErrnoInfoLogger@@MessageParametersSelectSystemWarning@@$??8@?debug@?from?get@?length@Array@CapsCategory@@CharChar@@CompatibleData@@DebugDeleteDeviceEnabled@FontH00@IndirectLoggingMetricsReleaseStorageString@@0@TextThread
String ID: FONTDEF$QWindowsFontDatabase::fontEngine
API String ID: 3774102356-296183570
Opcode ID: d82a02c77786a22702164648bd4fae6334c41e330de5998d56779980236d77a3
Instruction ID: d27aac17e99d80eabd03323c3d31c56bdc4cb1b9dfdef70277850e7168ac5ba9
Opcode Fuzzy Hash: d82a02c77786a22702164648bd4fae6334c41e330de5998d56779980236d77a3
Instruction Fuzzy Hash: 7E318922708A82C2DB50AF65F824AA973A4FF84B90F098031DE5E87FADDE3CD545C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F0990 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 83timeCOMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F09A4
??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F09D3
?qEnvironmentVariableIntValue@@YAHPEBDPEA_N@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F09F3
?setInterval@QTimer@@QEAAXH@Z.QT5CORE ref: 00007FFDF66F0A0C
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66F0A41
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66F0A4C
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F0A65
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F0A72
?start@QTimer@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F0AC1
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F0ADE

Strings

2timeout(), xrefs: 00007FFDF66F0A16
QT_BEARER_POLL_TIMEOUT, xrefs: 00007FFDF66F09E8
1pollEngines(), xrefs: 00007FFDF66F0A31

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@Timer@@$Connection@Data@@ListMeta$?begin@?connect@?end@?lock@?set?start@?unlock@ConnectionEnvironmentInterval@Locker@@MutexMutex@@Object@@@Qt@@@Type@Value@@Variable
String ID: 1pollEngines()$2timeout()$QT_BEARER_POLL_TIMEOUT
API String ID: 728005902-2682786888
Opcode ID: 977a3d22c105ae4efde1d8968d319cdcb010b4bb4d11bc5eebf66312b07ee499
Instruction ID: f9aec01aea4188cb2e0b17d99a2866bfaf9d45231c3220cb82eeb6219283a6c7
Opcode Fuzzy Hash: 977a3d22c105ae4efde1d8968d319cdcb010b4bb4d11bc5eebf66312b07ee499
Instruction Fuzzy Hash: 2D412D36B08B8686EB009F21E4746A977A8FB84B94F040475EA6E07F9DEF3CD485C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FF090 Relevance: 22.7, APIs: 15, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6700110: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFDF66FF0C1,?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF6700143
Part of subcall function 00007FFDF6700110: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFDF66FF0C1,?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF6700157
Part of subcall function 00007FFDF6700110: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFDF66FF0C1,?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF6700192
Part of subcall function 00007FFDF6700110: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFDF66FF0C1,?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF67001A6

?size@QListData@@QEBAHXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF0D0
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF0F6
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF104
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF110
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF11C
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF188
?realloc@QListData@@QEAAXH@Z.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF192
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF19D
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF1AB
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF1E7
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF1FD
??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF274
??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF27E
??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF288
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,00000000,00000000,00007FFDF66FEE7E), ref: 00007FFDF66FF2E6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$?end@$String@@$?dispose@Data@1@@$?detach@?realloc@?size@Data@1@
String ID:
API String ID: 3180553871-0
Opcode ID: 8194881865c4502df8e204512dd92fa9f5e6f772e369b032ac0766141efd5709
Instruction ID: ce3d56b9bf05b8331133c1ded66c2c7d1219030649eda3265d9157159f2f3d56
Opcode Fuzzy Hash: 8194881865c4502df8e204512dd92fa9f5e6f772e369b032ac0766141efd5709
Instruction Fuzzy Hash: B9617272B09A4282EB50DB64E46457973A8FB45B90F444571DA2E43FECEF3CD846CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D03A310 Relevance: 21.1, APIs: 14, Instructions: 124COMMON

Download Yara Rule

APIs

??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A338
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A34A
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A35C
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D03A36E

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A394

Part of subcall function 00007FF60D03A850: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A873
Part of subcall function 00007FF60D03A850: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A888
Part of subcall function 00007FF60D03A850: ??0QDate@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A893
Part of subcall function 00007FF60D03A850: ??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A89D
Part of subcall function 00007FF60D03A850: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8AB
Part of subcall function 00007FF60D03A850: ??0QNetworkAccessManager@@QEAA@PEAVQObject@@@Z.QT5NETWORK(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8D1
Part of subcall function 00007FF60D03A850: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8E8

Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D076854
Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D07685A

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A430
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A43E
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A4A8
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A4B6
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A520
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A52E
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A538
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A547
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00000001,00007FF60CFE370F), ref: 00007FF60D03A556

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$String@@$V0@@$Connection@Meta$?connectArray@@Base@ByteConnectionImpl@ObjectPrivate@@Qt@@SlotType@U3@@$Concurrency::cancel_current_task$AccessDate@@Manager@@NetworkObject@@@malloc
String ID:
API String ID: 388013295-0
Opcode ID: ea7904a7f400c4e8fcefc2bce3770add5672887597297de3ee4f919f6d1a9518
Instruction ID: e8364013e0bfa6badb137283fd7c4098cacbf79cc880447ed9da327333ce88c7
Opcode Fuzzy Hash: ea7904a7f400c4e8fcefc2bce3770add5672887597297de3ee4f919f6d1a9518
Instruction Fuzzy Hash: 17513932608BC19AD7609F01F8547AAB7A4FB84784F604235DACE87B68EF7CD159CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62C12F0 Relevance: 21.1, APIs: 14, Instructions: 103windowCOMMON

Download Yara Rule

APIs

?desktopSettingsAware@QGuiApplication@@SA_NXZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62BEA04), ref: 00007FFDF62C1308

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Part of subcall function 00007FFDF62C2650: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C26A2
Part of subcall function 00007FFDF62C2650: ?light@QColor@@QEBA?AV1@H@Z.QT5GUI ref: 00007FFDF62C26B6
Part of subcall function 00007FFDF62C2650: ?dark@QColor@@QEBA?AV1@H@Z.QT5GUI ref: 00007FFDF62C26CA
Part of subcall function 00007FFDF62C2650: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C26DE
Part of subcall function 00007FFDF62C2650: ??0QColor@@QEAA@W4GlobalColor@Qt@@@Z.QT5GUI ref: 00007FFDF62C26ED
Part of subcall function 00007FFDF62C2650: ??0QColor@@QEAA@W4GlobalColor@Qt@@@Z.QT5GUI ref: 00007FFDF62C26FC
Part of subcall function 00007FFDF62C2650: ??0QColor@@QEAA@W4GlobalColor@Qt@@@Z.QT5GUI ref: 00007FFDF62C270B
Part of subcall function 00007FFDF62C2650: ??0QColor@@QEAA@W4GlobalColor@Qt@@@Z.QT5GUI ref: 00007FFDF62C271A
Part of subcall function 00007FFDF62C2650: ??0QPalette@@QEAA@AEBVQColor@@000000@Z.QT5GUI ref: 00007FFDF62C2753
Part of subcall function 00007FFDF62C2650: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C2767
Part of subcall function 00007FFDF62C2650: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C277D
Part of subcall function 00007FFDF62C2650: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C2793
Part of subcall function 00007FFDF62C2650: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C27A7
Part of subcall function 00007FFDF62C2650: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C27BC
Part of subcall function 00007FFDF62C2650: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C27C6
Part of subcall function 00007FFDF62C2650: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C27D0
Part of subcall function 00007FFDF62C2650: GetSysColor.USER32 ref: 00007FFDF62C27DB
Part of subcall function 00007FFDF62C2650: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C2804

Part of subcall function 00007FFDF6380E9C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDF6380ED2

Part of subcall function 00007FFDF62C37B0: ??0QPalette@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00000010,?,?,00007FFDF62C1352), ref: 00007FFDF62C37D3
Part of subcall function 00007FFDF62C37B0: GetSysColor.USER32 ref: 00007FFDF62C37DE
Part of subcall function 00007FFDF62C37B0: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C3807
Part of subcall function 00007FFDF62C37B0: GetSysColor.USER32 ref: 00007FFDF62C3812
Part of subcall function 00007FFDF62C37B0: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C383B
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C384F
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C3864
Part of subcall function 00007FFDF62C37B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C386E
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C3882
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C3897
Part of subcall function 00007FFDF62C37B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C38A1
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C38B5
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C38CA
Part of subcall function 00007FFDF62C37B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C38D4
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C38E8
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C38FB
Part of subcall function 00007FFDF62C37B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C3905
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C3919
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C392E
Part of subcall function 00007FFDF62C37B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C3938
Part of subcall function 00007FFDF62C37B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C394C
Part of subcall function 00007FFDF62C37B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C3961

Part of subcall function 00007FFDF62C09B0: ??0QPalette@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF62C136C), ref: 00007FFDF62C09D9
Part of subcall function 00007FFDF62C09B0: GetSysColor.USER32 ref: 00007FFDF62C09E4
Part of subcall function 00007FFDF62C09B0: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C0A0D
Part of subcall function 00007FFDF62C09B0: GetSysColor.USER32 ref: 00007FFDF62C0A18
Part of subcall function 00007FFDF62C09B0: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C0A41
Part of subcall function 00007FFDF62C09B0: GetSysColor.USER32 ref: 00007FFDF62C0A4C
Part of subcall function 00007FFDF62C09B0: ?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C0A75
Part of subcall function 00007FFDF62C09B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C0A89
Part of subcall function 00007FFDF62C09B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C0A9B
Part of subcall function 00007FFDF62C09B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C0AA5
Part of subcall function 00007FFDF62C09B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C0AB9
Part of subcall function 00007FFDF62C09B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C0ACB
Part of subcall function 00007FFDF62C09B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C0AD5
Part of subcall function 00007FFDF62C09B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C0AE9
Part of subcall function 00007FFDF62C09B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C0AFA
Part of subcall function 00007FFDF62C09B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C0B04
Part of subcall function 00007FFDF62C09B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C0B18
Part of subcall function 00007FFDF62C09B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C0B2A
Part of subcall function 00007FFDF62C09B0: ??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C0B34
Part of subcall function 00007FFDF62C09B0: ??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C0B48
Part of subcall function 00007FFDF62C09B0: ?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C0B5B

SystemParametersInfoW.USER32 ref: 00007FFDF62C1384
??0QPalette@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62BEA04), ref: 00007FFDF62C13AF
GetSysColor.USER32 ref: 00007FFDF62C13BD
?setRgb@QColor@@QEAAXHHHH@Z.QT5GUI ref: 00007FFDF62C13E7
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C13FD
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C140F
??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C141A
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C1430
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C1444
??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C144F
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z.QT5GUI ref: 00007FFDF62C1465
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z.QT5GUI ref: 00007FFDF62C147A
??1QBrush@@QEAA@XZ.QT5GUI ref: 00007FFDF62C1485

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Color$Brush@@Color@@$?set$Palette@@$Qt@@@$Brush@Brush@@@Group@1@Role@1@$BrushStyle@$Rgb@$Color@Global$V0@@$?dark@?desktop?light@Application@@Aware@Color@@000000@Concurrency::cancel_current_taskInfoParametersSettingsSystemmalloc
String ID:
API String ID: 2365897899-0
Opcode ID: 02663c11d9f668223fc37d7b686f436bcd2ab1e8da3598bbb1a83ca069a3c9df
Instruction ID: b05ccbea5e2ee1d2c1eb57bfde8754fc1cacca5af4641f980f5b2356205f865c
Opcode Fuzzy Hash: 02663c11d9f668223fc37d7b686f436bcd2ab1e8da3598bbb1a83ca069a3c9df
Instruction Fuzzy Hash: 3741A032B08A4283EB50AB61E424AEA63A5FF84B95F444035D99E47FD9DF7CD544C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6681630 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 105COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Part of subcall function 00007FFDF6683490: ??0QObjectPrivate@@QEAA@H@Z.QT5CORE(?,?,00000000,00007FFDF6683297), ref: 00007FFDF66834A3
Part of subcall function 00007FFDF6683490: ??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE ref: 00007FFDF66835A0

??0QObject@@IEAA@AEAVQObjectPrivate@@PEAV0@@Z.QT5CORE ref: 00007FFDF66832A0
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6683362
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF668336D
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6683399
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66833A4
_Init_thread_footer.LIBCMT ref: 00007FFDF6683416
_Init_thread_footer.LIBCMT ref: 00007FFDF6683479

Strings

2configurationChanged(QNetworkConfiguration), xrefs: 00007FFDF668337E
2onlineStateChanged(bool), xrefs: 00007FFDF6683343
1_q_onlineStateChanged(bool), xrefs: 00007FFDF668333A
1_q_configurationChanged(QNetworkConfiguration), xrefs: 00007FFDF6683373

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionInit_thread_footerObjectPrivate@@Qt@@@Type@$Mode@0@@Mutex@@RecursionV0@@malloc
String ID: 1_q_configurationChanged(QNetworkConfiguration)$1_q_onlineStateChanged(bool)$2configurationChanged(QNetworkConfiguration)$2onlineStateChanged(bool)
API String ID: 2913475054-1936501521
Opcode ID: 4526b836f7f5a337a2d3f11dd50159e74262cbfecd5ae283704fdf2ff1baf3fb
Instruction ID: 8565979ddd5c1eccea9bcc87b4c24088986eb7c4ae39d4a9e9f3e8754bfa5f80
Opcode Fuzzy Hash: 4526b836f7f5a337a2d3f11dd50159e74262cbfecd5ae283704fdf2ff1baf3fb
Instruction Fuzzy Hash: 25510B21B08A4395E700DB70E9718B93368EF44760F4442B6D57D42EEEEF3CE9868B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FBE00 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 51windowlibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF62F4740: ??0QString@@QEAA@UQStringDataPtr@@@Z.QT5CORE ref: 00007FFDF62F4776

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62F6AE5), ref: 00007FFDF62FBE23
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF62F6AE5), ref: 00007FFDF62FBE31
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FBE4A
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62FBE5C
?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE ref: 00007FFDF62FBE67
GetProcAddress.KERNEL32 ref: 00007FFDF62FBE8D
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF62FBEA8
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF62FBEB8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FBEC5

Strings

DWriteCreateFactory, xrefs: 00007FFDF62FBE83
Unable to load dwrite.dll, xrefs: 00007FFDF62FBEB1

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Logger@@Message$??0?$?load@?utf16@?warning@AddressDataE__@@F@@@@Library@@PointProcPtr@@@StringSystemV0@@Vector@
String ID: DWriteCreateFactory$Unable to load dwrite.dll
API String ID: 3014551535-536298143
Opcode ID: 89c3ad6135cbdc0cf07aa5337a9c29c8c9fb03bc24a06efb61bffe4376d82d58
Instruction ID: deac1166a7cc27c60cedc9b828a506e183f483c701000c65cfe4ab59d3268e82
Opcode Fuzzy Hash: 89c3ad6135cbdc0cf07aa5337a9c29c8c9fb03bc24a06efb61bffe4376d82d58
Instruction Fuzzy Hash: 1A21A422B0D64292EB10AB74F464AA977E4EF98755F480131DA5E42FADEF2CD148CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FBEF0 Relevance: 18.2, APIs: 12, Instructions: 206threadCOMMON

Download Yara Rule

APIs

?get@QThreadStorageData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62FBF4F
SystemParametersInfoW.USER32 ref: 00007FFDF62FBFF0
SystemParametersInfoW.USER32 ref: 00007FFDF62FC05E
pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FFDF62FC0C1
GetDC.USER32 ref: 00007FFDF62FC112
CreateCompatibleDC.GDI32 ref: 00007FFDF62FC11E
?set@QThreadStorageData@@QEAAPEAPEAXPEAX@Z.QT5CORE ref: 00007FFDF62FC186
?get@QThreadStorageData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF62FC1FC
ReleaseDC.USER32 ref: 00007FFDF62FC130

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

?set@QThreadStorageData@@QEAAPEAPEAXPEAX@Z.QT5CORE ref: 00007FFDF62FC21C

Part of subcall function 00007FFDF63814AC: EnterCriticalSection.KERNEL32(?,?,00000000,00007FFDF62A16D2,?,?,00000000,00007FFDF62914BE), ref: 00007FFDF63814BC

??0QThreadStorageData@@QEAA@P6AXPEAX@Z@Z.QT5CORE ref: 00007FFDF62FC28B
_Init_thread_footer.LIBCMT ref: 00007FFDF62FC2AE

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Data@@StorageThread$?get@?set@InfoParametersSystem$CompatibleCreateCriticalEnterInit_thread_footerReleaseSectionmalloc
String ID:
API String ID: 433356260-0
Opcode ID: 29b06b65a64784af6cce7820a74c72b435fc0c592c6a7865f4f135debf84de15
Instruction ID: fd09b9b23da28a8afbe2fe3978dbff0a6b71ef6c539dc8d60bd6cab732d8f5f9
Opcode Fuzzy Hash: 29b06b65a64784af6cce7820a74c72b435fc0c592c6a7865f4f135debf84de15
Instruction Fuzzy Hash: 37A19436B08BC286E7519B79E4207AA73A8FF55794F048235DA5D53BA8DF3CE445C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62BC120 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 69windowregistryCOMMON

Download Yara Rule

APIs

??0QPlatformInputContext@@QEAA@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC12B
RegisterWindowMessageW.USER32(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC142
??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC159
GetKeyboardLayout.USER32 ref: 00007FFDF62BC174
?qt_localeFromLCID@@YA?AVQLocale@@K@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC184
CreateBitmap.GDI32 ref: 00007FFDF62BC1A8
?inputMethod@QGuiApplication@@SAPEAVQInputMethod@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC1CD

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC232
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC240

Strings

MSIMEMouseOperation, xrefs: 00007FFDF62BC138

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@InputMeta$??0?$?connect?input?qt_localeApplication@@Base@BitmapConnectionContext@@CreateF@@@@FromImpl@KeyboardLayoutLocale@@MessageMethod@Method@@ObjectPlatformPointPrivate@@Qt@@RegisterSlotType@U3@@Vector@Windowmalloc
String ID: MSIMEMouseOperation
API String ID: 2834244316-1919246749
Opcode ID: 23ad134479de05867900d0bb13ea568e2936c7e97c9eb8c13325275b2c367f58
Instruction ID: b60f79e28ffe43c9de76b3c1432af416b2409a2611ea608e325e334e4420091a
Opcode Fuzzy Hash: 23ad134479de05867900d0bb13ea568e2936c7e97c9eb8c13325275b2c367f58
Instruction Fuzzy Hash: E7315832608B4297EB509F64F5505A977E8FB88B50F448135DA9D43FA8DF3CE168CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FEE20 Relevance: 16.7, APIs: 11, Instructions: 155COMMON

Download Yara Rule

APIs

?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FFDF66FEE8D
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FEEB2
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFDF66FEEC0
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FEECC
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FEED8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66FEF47
?realloc@QListData@@QEAAXH@Z.QT5CORE ref: 00007FFDF66FEF51
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FEF5C
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FEF6A
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66FF01A

Part of subcall function 00007FFDF67598C4: EnterCriticalSection.KERNEL32(?,?,?,00007FFDF6727CD2,?,?,?,00007FFDF673D0D5), ref: 00007FFDF67598D4

_Init_thread_footer.LIBCMT ref: 00007FFDF66FF077

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$?dispose@?end@Data@1@@$?detach@?realloc@?size@CriticalData@1@EnterInit_thread_footerSection
String ID:
API String ID: 2334027617-0
Opcode ID: 2e56a49140fd86ff447328b629110f7414199780ebd9379aeba205551dc76af0
Instruction ID: 4c565afdc48fdd6e27d5a2bd676bf6c34bbee13f5e5b5f2e19a7b7f9974aa571
Opcode Fuzzy Hash: 2e56a49140fd86ff447328b629110f7414199780ebd9379aeba205551dc76af0
Instruction Fuzzy Hash: 6E616D32B0AA8292EB509B29E474A793364EB84B64F544171DA2D43FECEF3CD845C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FB510 Relevance: 15.1, APIs: 10, Instructions: 97registryCOMMON

Download Yara Rule

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB536
RegOpenKeyExW.ADVAPI32 ref: 00007FFDF62FB55E
RegQueryValueExW.ADVAPI32 ref: 00007FFDF62FB591
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF62FB5CB
RegQueryValueExW.ADVAPI32 ref: 00007FFDF62FB63D
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FB655
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FB661
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF62FB681
RegCloseKey.ADVAPI32 ref: 00007FFDF62FB68C

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: QueryString@@Value$??0?$?fromArray@CharCloseF@@@@OpenPointUrl@@V0@$$V0@@Vector@freemalloc
String ID:
API String ID: 4225361595-0
Opcode ID: f45f6baccd3c904712e40c2f865374103fad5525e501e89d317635587510014e
Instruction ID: 9adf7f46ee9df015c42834f44df66dffe707cf90318aa6ff0c772e18fd34b02a
Opcode Fuzzy Hash: f45f6baccd3c904712e40c2f865374103fad5525e501e89d317635587510014e
Instruction Fuzzy Hash: AC417232708A8186EB60DF61E854BAEB7A4FB89B94F044131E99D87F98DF3CD145CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D009990 Relevance: 15.1, APIs: 10, Instructions: 87timeCOMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099A4
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099B9
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099C4
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099CF
??0QTcpSocket@@QEAA@PEAVQObject@@@Z.QT5NETWORK(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099DC
??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D0099F4

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D009A82
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,?,?,00007FF60CFE323C), ref: 00007FF60D009A8D

Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D076854
Part of subcall function 00007FF60D076824: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF60D07685A

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FF60D009AFF
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FF60D009B0D

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$Array@@Byte$?connectBase@Concurrency::cancel_current_taskConnectionImpl@ObjectObject@@@Private@@Qt@@SlotType@U3@@$Socket@@Timer@@V0@@malloc
String ID:
API String ID: 426250642-0
Opcode ID: d506fd7fe21091b0ddd857f80b877d9a87e2c2ab2c4b1130fdbc30869b4510ec
Instruction ID: ff96109a13bec8f920924d93de45f1ae0f8c9adb6c5d272662a1b6357e0f0026
Opcode Fuzzy Hash: d506fd7fe21091b0ddd857f80b877d9a87e2c2ab2c4b1130fdbc30869b4510ec
Instruction Fuzzy Hash: FE411732508F8296D7208F51F8802AAB7B4FB84754F904235D6CE83B69EF7DE599CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FA690 Relevance: 15.1, APIs: 10, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF62FBBC0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBBDB
Part of subcall function 00007FFDF62FBBC0: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBBE8
Part of subcall function 00007FFDF62FBBC0: RemoveFontMemResourceEx.GDI32(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBC0B
Part of subcall function 00007FFDF62FBBC0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBCA1
Part of subcall function 00007FFDF62FBBC0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBCBC
Part of subcall function 00007FFDF62FBBC0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBD11
Part of subcall function 00007FFDF62FBBC0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,00007FFDF62F48E3), ref: 00007FFDF62FBD2C

GetDC.USER32 ref: 00007FFDF62FA6B9
EnumFontFamiliesExW.GDI32 ref: 00007FFDF62FA6E8
ReleaseDC.USER32 ref: 00007FFDF62FA6F3

Part of subcall function 00007FFDF62FC530: GetObjectW.GDI32 ref: 00007FFDF62FC569
Part of subcall function 00007FFDF62FC530: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FC582
Part of subcall function 00007FFDF62FC530: ??0QFont@@QEAA@AEBVQString@@HH_N@Z.QT5GUI ref: 00007FFDF62FC59A
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC5A4
Part of subcall function 00007FFDF62FC530: ?setStyle@QFont@@QEAAXW4Style@1@@Z.QT5GUI ref: 00007FFDF62FC5B5
Part of subcall function 00007FFDF62FC530: ?weightFromInteger@QPlatformFontDatabase@@SA?AW4Weight@QFont@@H@Z.QT5GUI ref: 00007FFDF62FC5C2
Part of subcall function 00007FFDF62FC530: ?setWeight@QFont@@QEAAXH@Z.QT5GUI ref: 00007FFDF62FC5CD
Part of subcall function 00007FFDF62FC530: ?setPointSizeF@QFont@@QEAAXN@Z.QT5GUI ref: 00007FFDF62FC5FB
Part of subcall function 00007FFDF62FC530: ?setUnderline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC60B
Part of subcall function 00007FFDF62FC530: ?setOverline@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC616
Part of subcall function 00007FFDF62FC530: ?setStrikeOut@QFont@@QEAAX_N@Z.QT5GUI ref: 00007FFDF62FC626
Part of subcall function 00007FFDF62FC530: ?family@QFont@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFDF62FC64E
Part of subcall function 00007FFDF62FC530: ??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF62FC65B
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC668
Part of subcall function 00007FFDF62FC530: ?setFamily@QFont@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FFDF62FC68A
Part of subcall function 00007FFDF62FC530: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FC694
Part of subcall function 00007FFDF62FC530: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62FC6A2

?family@QFont@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FFDF62FA70B
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FFDF62FA716
?resolveFontFamilyAlias@QPlatformFontDatabase@@UEBA?AVQString@@AEBV2@@Z.QT5GUI ref: 00007FFDF62FA729
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF62FA737
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FA745
?registerFontFamily@QPlatformFontDatabase@@SAXAEBVQString@@@Z.QT5GUI ref: 00007FFDF62FA754
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FA767

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Font@@$?setFont$Data@@List$Database@@PlatformString@@@$?dispose@?family@Data@1@@Family@Weight@$??8@?begin@?end@?from?register?resolve?weightAlias@Array@Category@@CharDebugEnabled@EnumFamiliesFamilyFromInteger@Latin1LoggingObjectOut@Overline@PointReleaseRemoveResourceSizeStrikeString@@0@Style@Style@1@@Underline@V2@@
String ID:
API String ID: 1639580978-0
Opcode ID: c93e2f024df509bfccb002b69b33b9d1612f4c31b38b295fdca208cb6567caa1
Instruction ID: 46c205d449ac64400d3a7f78e695e71d976f71932e13a38aac84802db710dbf7
Opcode Fuzzy Hash: c93e2f024df509bfccb002b69b33b9d1612f4c31b38b295fdca208cb6567caa1
Instruction Fuzzy Hash: 95212162B2C68292DB50AB70F465BEA63A4FF84B84F455036E95E47E9DDF2CD148C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62D29F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59libraryloaderCOMMON

Download Yara Rule

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62D2A35
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF62D2A44
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62D2A5A
?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62D2A6C
?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z.QT5CORE ref: 00007FFDF62D2A77
GetProcAddress.KERNEL32 ref: 00007FFDF62D2A93
_Init_thread_footer.LIBCMT ref: 00007FFDF62D2B15

Strings

Direct3DCreate9, xrefs: 00007FFDF62D2A8C

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$??0?$?load@?utf16@AddressE__@@F@@@@Init_thread_footerLibrary@@PointProcSystemV0@@Vector@
String ID: Direct3DCreate9
API String ID: 1136395496-2790205071
Opcode ID: 80d51bb5f0213e570c76c5ffa7d11de39070ff420f9802bd643db01c785f957c
Instruction ID: f427cc5668f423a9b03eb92467b44b5996dfacc8fdb113d72ad8008ab7ce7d95
Opcode Fuzzy Hash: 80d51bb5f0213e570c76c5ffa7d11de39070ff420f9802bd643db01c785f957c
Instruction Fuzzy Hash: 0A312F32F1AB4397EB40AB64E960B6473A8FF65714F084235D66D43AE8DF3CA198C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D076FB8 Relevance: 13.6, APIs: 9, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF60D076FC7
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF60D076FDC
__scrt_release_startup_lock.LIBCMT ref: 00007FF60D07704A
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D077098
__scrt_get_show_window_mode.LIBCMT ref: 00007FF60D07709D
_get_narrow_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D0770A5
__scrt_is_managed_app.LIBCMT ref: 00007FF60D0770C0
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D0770CE
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D077123

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_narrow_winmain_command_line_register_thread_local_exe_atexit_callback
String ID:
API String ID: 4178791639-0
Opcode ID: 3452e99be117c936ee7a3cca370841b8ec829d19776f5a31c5c249e03cf31877
Instruction ID: 318584f6c1b911b79ba7b061d591faa3dcbdf760b76c374359cff7b92597197b
Opcode Fuzzy Hash: 3452e99be117c936ee7a3cca370841b8ec829d19776f5a31c5c249e03cf31877
Instruction Fuzzy Hash: 9F314921E4C243A1FA64AF64A4513F92291AF813C4FB45634EA4FCF2D7FE6DA845C349

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629A8D0 Relevance: 13.6, APIs: 9, Instructions: 59windowCOMMON

Download Yara Rule

APIs

DestroyIcon.USER32 ref: 00007FFDF629A8FE
DestroyIcon.USER32 ref: 00007FFDF629A917
GetSystemMetrics.USER32 ref: 00007FFDF629A929
GetSystemMetrics.USER32 ref: 00007FFDF629A936
GetSystemMetrics.USER32 ref: 00007FFDF629A955
GetSystemMetrics.USER32 ref: 00007FFDF629A962
SendMessageW.USER32 ref: 00007FFDF629A999
SendMessageW.USER32 ref: 00007FFDF629A9A8
SendMessageW.USER32 ref: 00007FFDF629A9C3

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: MetricsSystem$MessageSend$DestroyIcon
String ID:
API String ID: 716659538-0
Opcode ID: 7fe19fbf9da8fbfc6fdc38b90b6a81077fd5543be0747dad931ed74d307f69ca
Instruction ID: f5db963d9ef9f2c61d451e0998f84792987e5ae1682713f8c58895118af5bd50
Opcode Fuzzy Hash: 7fe19fbf9da8fbfc6fdc38b90b6a81077fd5543be0747dad931ed74d307f69ca
Instruction Fuzzy Hash: F9214426B05B5183FB489BB19464BA873A8FF84B84F548135DA2E43BC9CF3DE4659300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFD0840 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,00000000,?,?,00007FF60CFE328C), ref: 00007FF60CFD085C
??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE(?,?,00007FF60CFE328C), ref: 00007FF60CFD0874

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

_Mtx_init_in_situ.MSVCP140(?,?,00007FF60CFE328C), ref: 00007FF60CFD0905
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF60CFE328C), ref: 00007FF60CFD091C
memset.VCRUNTIME140(?,?,00007FF60CFE328C), ref: 00007FF60CFD092F

Strings

@)(, xrefs: 00007FF60CFD0910
@)(, xrefs: 00007FF60CFD0917

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: malloc$Mode@0@@Mtx_init_in_situMutex@@Object@@RecursionV0@@memset
String ID: @)($@)(
API String ID: 499055603-642521220
Opcode ID: 584be7d1875250f0b48c7e166cb546adb6e9a1d2ef3de1187fddeb7953c054ab
Instruction ID: 45d5703b4b6f61a3ac965bc2c37ae989575c6c2ddb358bbda4d8e19ad7e9e463
Opcode Fuzzy Hash: 584be7d1875250f0b48c7e166cb546adb6e9a1d2ef3de1187fddeb7953c054ab
Instruction Fuzzy Hash: FA41283AA00B81DAE310DF20F94429E77A8F74574CF618225DF8D47618EF78D5A9EB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EE310 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EE31B
??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66EBFE2), ref: 00007FFDF66EE33C
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66EE36B
??0QFactoryLoader@@QEAA@PEBDAEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66EE387
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66EE392

Part of subcall function 00007FFDF66EB5F0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFDF66EB633
Part of subcall function 00007FFDF66EB5F0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66EE3D4), ref: 00007FFDF66EB667
Part of subcall function 00007FFDF66EB5F0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66EE3D4), ref: 00007FFDF66EB674

Part of subcall function 00007FFDF66F06D0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFDF66F0713
Part of subcall function 00007FFDF66F06D0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66EE3D9), ref: 00007FFDF66F0747
Part of subcall function 00007FFDF66F06D0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66EE3D9), ref: 00007FFDF66F0754

Strings

/bearer, xrefs: 00007FFDF66EE34A
org.qt-project.Qt.QBearerEngineFactoryInterface, xrefs: 00007FFDF66EE380

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Meta$Array@@Byte$Type@$Object@@String@@$?normalized?registerFlag@Flags@NormalizedObject@@@TypeType@@Type@@@@$CaseFactoryLatin1Loader@@Mode@0@@Mutex@@Qt@@@RecursionSensitivity@String@@@V0@@
String ID: /bearer$org.qt-project.Qt.QBearerEngineFactoryInterface
API String ID: 3105894908-2899753972
Opcode ID: cde3ec7a76f0447b6072e042afef386fa0dad04d5a1ffb5325d1990b6dedaa35
Instruction ID: 6c962d31e609a4ecdc06eeea1765a263a11923c3694266312ad45160d1d0d189
Opcode Fuzzy Hash: cde3ec7a76f0447b6072e042afef386fa0dad04d5a1ffb5325d1990b6dedaa35
Instruction Fuzzy Hash: B221F972608B4A86EB109F64E87076977B8FB48B48F500175DA9C43BA8EF7DD585C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6294960 Relevance: 10.6, APIs: 7, Instructions: 108COMMON

Download Yara Rule

APIs

GetWindowPlacement.USER32 ref: 00007FFDF62949BE
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF62949F2

Part of subcall function 00007FFDF629C140: GetWindowLongPtrW.USER32 ref: 00007FFDF629C15B

?translated@QRect@@QEBA?AV1@AEBVQPoint@@@Z.QT5CORE ref: 00007FFDF6294A1E
GetWindowRect.USER32 ref: 00007FFDF6294A30
GetParent.USER32 ref: 00007FFDF6294A39
ScreenToClient.USER32 ref: 00007FFDF6294A66
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z.QT5CORE ref: 00007FFDF6294AB3

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Rect@@Window$Point@@Size@@@$?translated@ClientLongParentPlacementPoint@@@RectScreen
String ID:
API String ID: 3157457706-0
Opcode ID: a14c0c4b07bdae3e7ad5014cdeb743477b427a3d35edb3ea517e97c65fee6739
Instruction ID: f750f70d108da351ac47b7efe74c1c0a349e83c809490e1ba45f7e553ecb3079
Opcode Fuzzy Hash: a14c0c4b07bdae3e7ad5014cdeb743477b427a3d35edb3ea517e97c65fee6739
Instruction Fuzzy Hash: 14511673B146019FE714DFB9D4509EC37B5AB88B88B45813ADE0A63F8CEE389509CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D03A850 Relevance: 10.5, APIs: 7, Instructions: 47networkCOMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A873
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A888
??0QDate@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A893
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A89D
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8AB

Part of subcall function 00007FF60D076824: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D07683E

??0QNetworkAccessManager@@QEAA@PEAVQObject@@@Z.QT5NETWORK(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8D1
??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,00007FF60D03A3AB), ref: 00007FF60D03A8E8

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteString@@V0@@$AccessDate@@Manager@@NetworkObject@@Object@@@malloc
String ID:
API String ID: 3495467707-0
Opcode ID: 1497478357ffaab02da242d7c893b404493a47b058a6e4c3d8c7c3c08646b86b
Instruction ID: 4029b394326c31a522c8b6258e5787323117d33c2345cbc3f2b48e9312899062
Opcode Fuzzy Hash: 1497478357ffaab02da242d7c893b404493a47b058a6e4c3d8c7c3c08646b86b
Instruction Fuzzy Hash: 23113A72A08B4192EB10DF11F84896977A9FB88B91F624230DE8E86774EF7CD54AC304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629E380 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Part of subcall function 00007FFDF629E400: OleInitializeWOW.OLE32 ref: 00007FFDF629E4DB
Part of subcall function 00007FFDF629E400: GetDC.USER32 ref: 00007FFDF629E52C
Part of subcall function 00007FFDF629E400: GetDeviceCaps.GDI32 ref: 00007FFDF629E53E
Part of subcall function 00007FFDF629E400: GetKeyboardLayoutList.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E54B
Part of subcall function 00007FFDF629E400: GetKeyboardLayoutList.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF629E39B,?,?,00000000,00007FFDF629C54F), ref: 00007FFDF629E581

?qgetenv@@YA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3B1
?fromLocal8Bit@QString@@SA?AV1@AEBVQByteArray@@@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3CC
?setFilterRules@QLoggingCategory@@SAXAEBVQString@@@Z.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3D5
??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3E0
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF629C54F,?,?,?,?,?,?,?,?,?,00007FFDF629C4DF), ref: 00007FFDF629E3EB

Strings

QT_QPA_VERBOSE, xrefs: 00007FFDF629E39E

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@KeyboardLayoutListString@@$?from?qgetenv@@?setArray@@@Bit@CapsCategory@@DeviceFilterInitializeLocal8LoggingRules@String@@@malloc
String ID: QT_QPA_VERBOSE
API String ID: 2569953207-688947982
Opcode ID: 90b2fab9819d8738aa6b74186041ecc765a5521450b8a8f60412d76a10b99df7
Instruction ID: 4b0ff1b71f32a2a16355e9075b8d5f75f27c10029f774bfca7957f52c2ab3f21
Opcode Fuzzy Hash: 90b2fab9819d8738aa6b74186041ecc765a5521450b8a8f60412d76a10b99df7
Instruction Fuzzy Hash: 12F06222B18A4383DB00AB60F4649B963A4FF94B45F49A031E56F03BEDDE3CD449C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A5BC0 Relevance: 9.1, APIs: 6, Instructions: 116COMMON

Download Yara Rule

APIs

??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62A5C22

Part of subcall function 00007FFDF62A5870: memset.VCRUNTIME140 ref: 00007FFDF62A589E
Part of subcall function 00007FFDF62A5870: GetMonitorInfoW.USER32 ref: 00007FFDF62A58B1
Part of subcall function 00007FFDF62A5870: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62A592F
Part of subcall function 00007FFDF62A5870: ??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62A593C
Part of subcall function 00007FFDF62A5870: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A5947
Part of subcall function 00007FFDF62A5870: ??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF62A5978

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62A5CCA
?prepend@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF62A5CED
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF62A5D0C
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF62A5D5B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A5D80

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$V0@@$Array@@ByteData@@List$??0?$?append@?from?prepend@Array@CharF@@@@InfoLatin1MonitorPointString@@@Url@@V0@$$Vector@memset
String ID:
API String ID: 2414927885-0
Opcode ID: 34adda2d028765efee49214cc55f537d7b212ca63e24fad93ce6f1a1f073cb6b
Instruction ID: 62538d264223cd2249f086c8e56e2d6db4066a9ddf67792b155726878dd57050
Opcode Fuzzy Hash: 34adda2d028765efee49214cc55f537d7b212ca63e24fad93ce6f1a1f073cb6b
Instruction Fuzzy Hash: 00518933A04A82CAE7009F38D0506EC73B5FB9974CF05A225EE5D57AA9EF78E584C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6295CC0 Relevance: 9.1, APIs: 6, Instructions: 115COMMON

Download Yara Rule

APIs

?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6295CD7
?isTopLevel@QWindow@@QEBA_NXZ.QT5GUI ref: 00007FFDF6295CE3
?minimumSize@QWindow@@QEBA?AVQSize@@XZ.QT5GUI ref: 00007FFDF6295D26
?maximumSize@QWindow@@QEBA?AVQSize@@XZ.QT5GUI ref: 00007FFDF6295D57
?scaleAndOrigin@QHighDpiScaling@@SA?AUScaleAndOrigin@1@PEBVQWindow@@PEAVQPoint@@@Z.QT5GUI ref: 00007FFDF6295D95
?mapFromGlobal@QWindow@@QEBA?AVQPoint@@AEBV2@@Z.QT5GUI ref: 00007FFDF6295DC9

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Window@@$Size@Size@@$?map?maximum?minimum?scale?window@FromGlobal@HighLevel@Origin@Origin@1@PlatformPoint@@Point@@@ScaleScaling@@V2@@
String ID:
API String ID: 969568068-0
Opcode ID: f5d65a586ac0dea837f64501c7736b08baf65b6654f0aee4af9230c268983dea
Instruction ID: 064d8429506137e21b9c9f68ed6400e3c3be874eaceaea92ad3c7d4c337f8927
Opcode Fuzzy Hash: f5d65a586ac0dea837f64501c7736b08baf65b6654f0aee4af9230c268983dea
Instruction Fuzzy Hash: 87417E32B04B028AEB54CF66D460AAD3774BB85B98F148035CE6DA7A9CDF39D485D700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D0778B0 Relevance: 7.6, APIs: 5, Instructions: 108COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60D0770BE), ref: 00007FF60D0778BF
CommandLineToArgvW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60D0770BE), ref: 00007FF60D0778CD
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60D0770BE), ref: 00007FF60D077981
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60D0770BE), ref: 00007FF60D0779B2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60D0770BE), ref: 00007FF60D0779F5

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: ByteCharCommandLineMultiWide$ArgvFreeLocal
String ID:
API String ID: 4060259846-0
Opcode ID: 71ace43b1454cbbedb4b20cbd1568bff122bacc4825fa76463e3a0d5321b0603
Instruction ID: a2aec0aa122b338515e74dec04f48b3be4b34b661c6a6ec5fbea525472a3436c
Opcode Fuzzy Hash: 71ace43b1454cbbedb4b20cbd1568bff122bacc4825fa76463e3a0d5321b0603
Instruction Fuzzy Hash: C4416232A08B8186D750DF15B84016AB7A4FB89BE0F644335EEAE87B95EF3DD454CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D03A1C0 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A1F8
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A20E
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A224
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03A23A

Part of subcall function 00007FF60D03C170: ??0QDialog@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D03C1B0
Part of subcall function 00007FF60D03C170: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03C1E3
Part of subcall function 00007FF60D03C170: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03C1F3
Part of subcall function 00007FF60D03C170: ?setWindowFlag@QWidget@@QEAAXW4WindowType@Qt@@_N@Z.QT5WIDGETS ref: 00007FF60D03C21D
Part of subcall function 00007FF60D03C170: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60D03C23B
Part of subcall function 00007FF60D03C170: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03C24C
Part of subcall function 00007FF60D03C170: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D03C264
Part of subcall function 00007FF60D03C170: ?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D03C270
Part of subcall function 00007FF60D03C170: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03C27B
Part of subcall function 00007FF60D03C170: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D03C286
Part of subcall function 00007FF60D03C170: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D03C2A3
Part of subcall function 00007FF60D03C170: ??0QString@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FF60D03C2C2
Part of subcall function 00007FF60D03C170: ??0QString@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FF60D03C2F1

?exec@QDialog@@UEAAHXZ.QT5WIDGETS ref: 00007FF60D03A271

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: V0@@$Array@@Byte$String@@$Window$Widget@@$?setA@$$Dialog@@Type@$?append@?exec@?fromArrayAscii_helper@Data@Flag@Flags@Qt@@@@@Qt@@_String@@@Title@TypedV1@@
String ID:
API String ID: 3111602105-0
Opcode ID: 02dcfc06fdf7be39d8ff073e597ef7df3c8c0a87df015ca54106d26965da6615
Instruction ID: 47017887b91ad1acac3d76b4acfbb81ee197162dbd9b825c879616c8d6208af0
Opcode Fuzzy Hash: 02dcfc06fdf7be39d8ff073e597ef7df3c8c0a87df015ca54106d26965da6615
Instruction Fuzzy Hash: B8318072B08A8186EB10DF15E85066E6365FF84BC0F644636EA9FC3B99EF3DD8508704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629FCE0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF629FD0D

Part of subcall function 00007FFDF62A1C30: GetModuleHandleW.KERNEL32 ref: 00007FFDF62A1C88
Part of subcall function 00007FFDF62A1C30: ?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF62A1C9F
Part of subcall function 00007FFDF62A1C30: GetClassInfoW.USER32 ref: 00007FFDF62A1CAF
Part of subcall function 00007FFDF62A1C30: ?createUuid@QUuid@@SA?AV1@XZ.QT5CORE ref: 00007FFDF62A1CDF
Part of subcall function 00007FFDF62A1C30: ?toString@QUuid@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF62A1CED
Part of subcall function 00007FFDF62A1C30: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FFDF62A1CF9
Part of subcall function 00007FFDF62A1C30: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62A1D04
Part of subcall function 00007FFDF62A1C30: ?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF62A1D21
Part of subcall function 00007FFDF62A1C30: LoadImageW.USER32 ref: 00007FFDF62A1D98
Part of subcall function 00007FFDF62A1C30: GetSystemMetrics.USER32 ref: 00007FFDF62A1DAB
Part of subcall function 00007FFDF62A1C30: GetSystemMetrics.USER32 ref: 00007FFDF62A1DB7
Part of subcall function 00007FFDF62A1C30: LoadImageW.USER32 ref: 00007FFDF62A1DD7

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62D7447), ref: 00007FFDF629FD3B
?utf16@QString@@QEBAPEBGXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF62D7447), ref: 00007FFDF629FD4C
CreateWindowExW.USER32 ref: 00007FFDF629FD9A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629FDAB

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?utf16@HandleImageLoadMetricsModuleSystemUuid@@$?append@?createArray@@ByteClassCreateHash@@InfoString@Uuid@V0@@V1@@Window
String ID:
API String ID: 359114985-0
Opcode ID: 8aa5463ea2137e58ff5abd2332db762b8f3759d08f9094684ccbfa3ff9c6ded1
Instruction ID: 0abf05986f467ac3405301e2e14f6467defad62c6e091f1620ec59454fc0cfcb
Opcode Fuzzy Hash: 8aa5463ea2137e58ff5abd2332db762b8f3759d08f9094684ccbfa3ff9c6ded1
Instruction Fuzzy Hash: 0521503260878686D7209F61F45469AB7A4F789BE4F584239EEAD43F99CF3CD1448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FF9A0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FFA07
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FFA15
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66FFA9A
_Init_thread_footer.LIBCMT ref: 00007FFDF66FFB34

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@?dispose@?end@Data@1@@Init_thread_footer
String ID:
API String ID: 4115183119-0
Opcode ID: 0d9a1dc72535c92f52e2cad76d236c7dfaeb5771b71948feb16e2bf1e9c9f201
Instruction ID: a31c95a8dccbbf792c4a5929e01c87a614ad2148fb10307d44e4b147b0907eea
Opcode Fuzzy Hash: 0d9a1dc72535c92f52e2cad76d236c7dfaeb5771b71948feb16e2bf1e9c9f201
Instruction Fuzzy Hash: 98411C32B09A8286EB109F29E47096973A8EB84B50B544235D67D43FEDEF3DD9468B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A0EA0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50163e0c4f2069167ca1fd90d21a807d5babe4cbbf714c05aed28f1f3fecb0dd
Instruction ID: ac4c137e1827ccebb177e95304339f76820412e97d7fab9f40ca06ef725a590d
Opcode Fuzzy Hash: 50163e0c4f2069167ca1fd90d21a807d5babe4cbbf714c05aed28f1f3fecb0dd
Instruction Fuzzy Hash: 8931BB22F0864292FB549B16E550B7963A4EF48BD8F085030EE6E9BBCDDE7CE8508744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6305850 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF63058E8

Part of subcall function 00007FFDF62FB510: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB536
Part of subcall function 00007FFDF62FB510: RegOpenKeyExW.ADVAPI32 ref: 00007FFDF62FB55E
Part of subcall function 00007FFDF62FB510: RegQueryValueExW.ADVAPI32 ref: 00007FFDF62FB591
Part of subcall function 00007FFDF62FB510: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF62FB5CB
Part of subcall function 00007FFDF62FB510: RegQueryValueExW.ADVAPI32 ref: 00007FFDF62FB63D
Part of subcall function 00007FFDF62FB510: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE ref: 00007FFDF62FB655
Part of subcall function 00007FFDF62FB510: ??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62FB661
Part of subcall function 00007FFDF62FB510: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62FB66C
Part of subcall function 00007FFDF62FB510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF62FB681
Part of subcall function 00007FFDF62FB510: RegCloseKey.ADVAPI32 ref: 00007FFDF62FB68C

?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF630590C
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6305920
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF630592B

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$QueryV0@@Value$??0?$?from?utf16@Array@Array@@ByteCharCloseEmpty@F@@@@OpenPointUrl@@V0@$$Vector@freemalloc
String ID:
API String ID: 1635077169-0
Opcode ID: 5fdbff7383ef78e8c0f49ea5cd42e0c193aef33654bc0cbc0a31566acb867196
Instruction ID: 63ef418ac6232bd47e7d5cbf6b7c7c166a4bc7310a64a90915fb5b1291cbc7d8
Opcode Fuzzy Hash: 5fdbff7383ef78e8c0f49ea5cd42e0c193aef33654bc0cbc0a31566acb867196
Instruction Fuzzy Hash: 03218615618AC582F7115B28E426AF5A3F5FF987D9F085230DE9803AB9EF3DE186C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629C090 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FFDF629C0C2

Part of subcall function 00007FFDF6299D70: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6299D84
Part of subcall function 00007FFDF6299D70: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6299DAA
Part of subcall function 00007FFDF6299D70: ?number@QByteArray@@SA?AV1@_KH@Z.QT5CORE ref: 00007FFDF6299DC0
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FFDF6299DD1
Part of subcall function 00007FFDF6299D70: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6299DDF
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299DF8
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E13
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E2E
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E49
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E64
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E7F
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299E9A
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299EB5
Part of subcall function 00007FFDF6299D70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFDF6299ED0
Part of subcall function 00007FFDF6299D70: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF6299EF1
Part of subcall function 00007FFDF6299D70: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF6299EFF
Part of subcall function 00007FFDF6299D70: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6299F0F
Part of subcall function 00007FFDF6299D70: ?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF6299F26
Part of subcall function 00007FFDF6299D70: ??6@YA?AVQDebug@@V0@PEBVQPlatformSurface@@@Z.QT5GUI ref: 00007FFDF6299F3F
Part of subcall function 00007FFDF6299D70: ??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF6299F50
Part of subcall function 00007FFDF6299D70: ??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFDF6299F61

GetWindowLongPtrW.USER32 ref: 00007FFDF629C0F7
GetCapture.USER32 ref: 00007FFDF629C116
ReleaseCapture.USER32 ref: 00007FFDF629C122

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$?append@$Debug@@$??6@CaptureLogger@@LongMessagePlatformWindowWindow@@$?debug@?number@?window@Array@@@Category@@DebugEnabled@H00@LoggingReleaseSurface@@@V1@@V1@_Window@@@
String ID:
API String ID: 1168251963-0
Opcode ID: 99a4eb74e3e70c6f1aaedb7d6bbb54e07b842470f1b1723bfefb1967d4cf6c7a
Instruction ID: 5e226e260de4f4139375b4919419547644299568946cc5d9de435ffc513d46a2
Opcode Fuzzy Hash: 99a4eb74e3e70c6f1aaedb7d6bbb54e07b842470f1b1723bfefb1967d4cf6c7a
Instruction Fuzzy Hash: CA117362F0890283EB546B79D86447C22B9EFCAFA5F188131C92E46BEDCE3CD4859310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629D8DB Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

?requested@QPlatformInputContextFactory@@SA?AVQString@@XZ.QT5GUI ref: 00007FFDF629D8EE
?isNull@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF629D8F9
?create@QPlatformInputContextFactory@@SAPEAVQPlatformInputContext@@AEBVQString@@@Z.QT5GUI ref: 00007FFDF629D937
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629D965

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Part of subcall function 00007FFDF62BC120: ??0QPlatformInputContext@@QEAA@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC12B
Part of subcall function 00007FFDF62BC120: RegisterWindowMessageW.USER32(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC142
Part of subcall function 00007FFDF62BC120: ??0?$QVector@VQPointF@@@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC159
Part of subcall function 00007FFDF62BC120: GetKeyboardLayout.USER32 ref: 00007FFDF62BC174
Part of subcall function 00007FFDF62BC120: ?qt_localeFromLCID@@YA?AVQLocale@@K@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC184
Part of subcall function 00007FFDF62BC120: CreateBitmap.GDI32 ref: 00007FFDF62BC1A8
Part of subcall function 00007FFDF62BC120: ?inputMethod@QGuiApplication@@SAPEAVQInputMethod@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC1CD
Part of subcall function 00007FFDF62BC120: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC232
Part of subcall function 00007FFDF62BC120: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF629D915), ref: 00007FFDF62BC240

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Input$Platform$Object@@String@@$Connection@ContextContext@@Factory@@Meta$??0?$?connect?create@?input?qt_locale?requested@Application@@Base@BitmapConnectionCreateF@@@@FromImpl@KeyboardLayoutLocale@@MessageMethod@Method@@Null@ObjectPointPrivate@@Qt@@RegisterSlotString@@@Type@U3@@Vector@Windowmalloc
String ID:
API String ID: 2591607139-0
Opcode ID: 7f4979beb38131c5a12365d380cf8952f26fc387d51bd56cfcad7536920aee67
Instruction ID: aa5b2ebd742ea887fc3abc25f995703108afe1c45d2bbcb6cbad5adc890e85c7
Opcode Fuzzy Hash: 7f4979beb38131c5a12365d380cf8952f26fc387d51bd56cfcad7536920aee67
Instruction Fuzzy Hash: 34018026709D4681EF44AB61E4706B963A4EF84B48F484530EA9F4BEEDDF2CD889D310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629C970 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

??0QEventDispatcherWin32@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FFDF62F33D9
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF62F340B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62F3416
?createInternalHwnd@QEventDispatcherWin32@@IEAAXXZ.QT5CORE ref: 00007FFDF62F341F

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: DispatcherEventWin32@@$?create?setHwnd@InternalName@ObjectObject@@Object@@@String@@String@@@malloc
String ID:
API String ID: 4121027395-0
Opcode ID: 429b9cf696380ab6c15960212ae059710ee90605bd24be306e4afc1ccdd6b6fc
Instruction ID: a0d96e871d75a25a58b2745013ddc7546caa45153e2801a9cbe39ff57abe7bbf
Opcode Fuzzy Hash: 429b9cf696380ab6c15960212ae059710ee90605bd24be306e4afc1ccdd6b6fc
Instruction Fuzzy Hash: 86F06221B19742D7EB04ABB1F8649A923E4EF89B44F485030D96E47B9DEF3CD1898740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F14F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF62F1526

Part of subcall function 00007FFDF6380E9C: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF6291204), ref: 00007FFDF6380EB6

Part of subcall function 00007FFDF6380E9C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDF6380ED2

??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFDF62F27DE

Strings

windows, xrefs: 00007FFDF62F1501

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?compare@CaseConcurrency::cancel_current_taskLatin1Object@@Qt@@@Sensitivity@V0@@malloc
String ID: windows
API String ID: 2245036053-3823601051
Opcode ID: dad501411b0e62721227bfd5fcf9d6eda6d5d5c78e115cbc3192afaf9e396538
Instruction ID: 98f94a234f31014a6883aa914d8bd200aa4ff699061036f4af33c11707b0a7fc
Opcode Fuzzy Hash: dad501411b0e62721227bfd5fcf9d6eda6d5d5c78e115cbc3192afaf9e396538
Instruction Fuzzy Hash: 1E11C622B19B4682EB10AB61E9615B963E8FF8C784F484134DE9C47B9CEF3CD1958B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F6A30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6AB1
_Init_thread_footer.LIBCMT ref: 00007FFDF62F6AF3

Strings

DWriteCreateFactory failed, xrefs: 00007FFDF62F6AAA

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: ErrnoInit_thread_footerWarning@@
String ID: DWriteCreateFactory failed
API String ID: 1977386182-439803201
Opcode ID: aa8cf9cc25beba3794105967942bd94a050176681d39862ef65213899370a390
Instruction ID: 8eb6a8cd712ceb30c1038a315153106223f2dc69b801ebc944d7b8b314a6bb73
Opcode Fuzzy Hash: aa8cf9cc25beba3794105967942bd94a050176681d39862ef65213899370a390
Instruction Fuzzy Hash: 39215E25B19A4682EB40AB64E8A0BAA23E9FF54745F484035D92D82BE8DF3CE558D710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62FA100 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

?qErrnoWarning@@YAXPEBDZZ.QT5CORE(?,?,00007FFDF62F6C5D,?), ref: 00007FFDF62FA159

Part of subcall function 00007FFDF62F6A30: ?qErrnoWarning@@YAXPEBDZZ.QT5CORE ref: 00007FFDF62F6AB1

Strings

initDirectWrite, xrefs: 00007FFDF62FA14B
%s: GetGdiInterop failed, xrefs: 00007FFDF62FA152

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: ErrnoWarning@@
String ID: %s: GetGdiInterop failed$initDirectWrite
API String ID: 3819680178-3227400310
Opcode ID: f0c88bf885b556876e7a2203bb8fb55b995acab1564d7b78a15bed15ed062289
Instruction ID: 986f0e3b5e852c4d39b6f4ce1d3ac769e1b40eee9d058edce3760e1d99771f5b
Opcode Fuzzy Hash: f0c88bf885b556876e7a2203bb8fb55b995acab1564d7b78a15bed15ed062289
Instruction Fuzzy Hash: 57018162B08581D2EF44CF25E4A0BBA23A4FF44B84F899031D72D87A99DF28D4A5D704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A1690 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFDF62914BE), ref: 00007FFDF62A16EC
_Init_thread_footer.LIBCMT ref: 00007FFDF62A1705

Strings

qt.qpa.windows, xrefs: 00007FFDF62A16E5

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Init_thread_footerLogging
String ID: qt.qpa.windows
API String ID: 189896515-1025278669
Opcode ID: 21a5c4d8f0b606bd0ab67f06c00f2ed27481a3d067ae290976b8b823a84b18c7
Instruction ID: 5ce1fd557a227e36abae19d173159c18c224c3a034120e82ec9cbdfd8bbf8fa4
Opcode Fuzzy Hash: 21a5c4d8f0b606bd0ab67f06c00f2ed27481a3d067ae290976b8b823a84b18c7
Instruction Fuzzy Hash: 64012C71F1890BC3EB00AB65E8608B833E9AFA5760F4C4131C53D43AE9DF2CA599D710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D010BD0 Relevance: 4.7, APIs: 3, Instructions: 157COMMON

Download Yara Rule

APIs

_stat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF60D010C47
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D010C96
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D010DDC

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$_stat64i32
String ID:
API String ID: 1866921897-0
Opcode ID: 76c9ad0c803706fc416fb83ee43f31a6602fe4745476cb125df6d3f0ea558acf
Instruction ID: 8d19741b1c61286fa2539e4ce355d3f3d3d79f60e96ad9b9475ffa1db7a63786
Opcode Fuzzy Hash: 76c9ad0c803706fc416fb83ee43f31a6602fe4745476cb125df6d3f0ea558acf
Instruction Fuzzy Hash: 4651B466F0468294FB109FA5D4443AC2762BB017ACFA04335DEAE976C5EF78A4C5C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF670EFF0 Relevance: 4.5, APIs: 3, Instructions: 43COMMON

Download Yara Rule

APIs

??0QIODevicePrivate@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF670EFFD
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF670F02F

Part of subcall function 00007FFDF66F7970: ??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F798D
Part of subcall function 00007FFDF66F7970: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F7997

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF670F07B

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Data@@DevicePrivate@@Shared
String ID:
API String ID: 4099607318-0
Opcode ID: ffabd04c902eeb293ae6ccd46fbae0910f63006960b0155d49e9212a00516368
Instruction ID: 1bb6945d1ab5def7475166da0f09bd265f836fad894e430b4fdd95bd8be7a16a
Opcode Fuzzy Hash: ffabd04c902eeb293ae6ccd46fbae0910f63006960b0155d49e9212a00516368
Instruction Fuzzy Hash: F321EA32614B8690D7409F34E8647ED3368FB54B78F584335CABD4AAE9EF789085C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D00D780 Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON

Download Yara Rule

APIs

??0QThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D798
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D7AD
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FF60CFE3198), ref: 00007FF60D00D7B8

Part of subcall function 00007FF60D0104C0: ??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0104DC
Part of subcall function 00007FF60D0104C0: ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE ref: 00007FF60D0104ED
Part of subcall function 00007FF60D0104C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60D0104FB
Part of subcall function 00007FF60D0104C0: ?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D010519
Part of subcall function 00007FF60D0104C0: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60D010527
Part of subcall function 00007FF60D0104C0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D010532
Part of subcall function 00007FF60D0104C0: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FF60D010540
Part of subcall function 00007FF60D0104C0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D010551
Part of subcall function 00007FF60D0104C0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D01055C
Part of subcall function 00007FF60D0104C0: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60D01056E
Part of subcall function 00007FF60D0104C0: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60D01057B
Part of subcall function 00007FF60D0104C0: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60D01058C
Part of subcall function 00007FF60D0104C0: ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60D010599
Part of subcall function 00007FF60D0104C0: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60D0105A4
Part of subcall function 00007FF60D0104C0: ?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FF60D0105B2
Part of subcall function 00007FF60D0104C0: ?data@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FF60D0105BC
Part of subcall function 00007FF60D0104C0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60D0105D5
Part of subcall function 00007FF60D0104C0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D0105E0

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@Byte$Debug@@$Logger@@MessageV0@@$?append@?application?data@?debug@?fromApplication@@Bit@CoreLocal8Object@@@Path@String@@@Thread@@Utf8@V1@@
String ID:
API String ID: 2604805318-0
Opcode ID: a4e09ceff794e9bc11d3b7451f91c54ffb0e88dc9e874a1eea322535104677fb
Instruction ID: 9bba152f70b5316541748b1e3065caf7a92ba1ff686551a49d3993276a487ff8
Opcode Fuzzy Hash: a4e09ceff794e9bc11d3b7451f91c54ffb0e88dc9e874a1eea322535104677fb
Instruction Fuzzy Hash: DFF04F31609B41A3D7049F61EA842697360FB99794F541230D78E83B65EF7CE5B8C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629B460 Relevance: 4.5, APIs: 3, Instructions: 25COMMON

Download Yara Rule

APIs

?formatWindowTitle@QPlatformWindow@@KA?AVQString@@AEBV2@0@Z.QT5GUI ref: 00007FFDF629B490
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629B49B

Part of subcall function 00007FFDF629B4D0: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF629B4E6
Part of subcall function 00007FFDF629B4D0: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF629B50F
Part of subcall function 00007FFDF629B4D0: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF629B520
Part of subcall function 00007FFDF629B4D0: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF629B530
Part of subcall function 00007FFDF629B4D0: ?window@QPlatformWindow@@QEBAPEAVQWindow@@XZ.QT5GUI ref: 00007FFDF629B547
Part of subcall function 00007FFDF629B4D0: ??6@YA?AVQDebug@@V0@PEBVQPlatformSurface@@@Z.QT5GUI ref: 00007FFDF629B560
Part of subcall function 00007FFDF629B4D0: ??6@YA?AVQDebug@@V0@PEBVQWindow@@@Z.QT5GUI ref: 00007FFDF629B574
Part of subcall function 00007FFDF629B4D0: ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF629B580
Part of subcall function 00007FFDF629B4D0: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629B58E
Part of subcall function 00007FFDF629B4D0: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF629B59C
Part of subcall function 00007FFDF629B4D0: ?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF629B5A5

??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629B4B3

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$String@@$PlatformWindow@@$??6@Logger@@Message$?debug@?format?utf16@?window@Category@@DebugEnabled@H00@LoggingString@@@Surface@@@Title@V2@0@WindowWindow@@@
String ID:
API String ID: 1920353416-0
Opcode ID: f4cc330307f71af70a8a042c9bf2a2769811d395a3910f3748ef3479760af183
Instruction ID: 59038ea82562f02ade5157525d7f623f08433c9bec52debe28a0e0341411d32b
Opcode Fuzzy Hash: f4cc330307f71af70a8a042c9bf2a2769811d395a3910f3748ef3479760af183
Instruction Fuzzy Hash: ACF0302671CA8692DF00DBA0F5604AAF765FBD47E4F448031EA9D47EAEDE6CD149CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6683490 Relevance: 3.1, APIs: 2, Instructions: 111COMMON

Download Yara Rule

APIs

??0QObjectPrivate@@QEAA@H@Z.QT5CORE(?,?,00000000,00007FFDF6683297), ref: 00007FFDF66834A3

Part of subcall function 00007FFDF66EBFC0: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EBFCD
Part of subcall function 00007FFDF66EBFC0: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC010
Part of subcall function 00007FFDF66EBFC0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC01B
Part of subcall function 00007FFDF66EBFC0: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC03C
Part of subcall function 00007FFDF66EBFC0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC047
Part of subcall function 00007FFDF66EBFC0: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC068
Part of subcall function 00007FFDF66EBFC0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC073
Part of subcall function 00007FFDF66EBFC0: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC094
Part of subcall function 00007FFDF66EBFC0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC09F
Part of subcall function 00007FFDF66EBFC0: ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC0C7
Part of subcall function 00007FFDF66EBFC0: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6683517,?,?,00000000,00007FFDF6683297), ref: 00007FFDF66EC0D2

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Part of subcall function 00007FFDF668A420: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF6683297), ref: 00007FFDF668A42B

??0QMutex@@QEAA@W4RecursionMode@0@@Z.QT5CORE ref: 00007FFDF66835A0

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionQt@@@Type@$V0@@$Mode@0@@Mutex@@ObjectPrivate@@Recursionmalloc
String ID:
API String ID: 3516141922-0
Opcode ID: ba8c1ef2d4084a1d2eee432ea7bfc38843f828a25f61a5d7e6aee22268078f1a
Instruction ID: 9567173050f63ffbbd9bc9e11cc721e1efe2c050f7c4565262ee4987a505c35f
Opcode Fuzzy Hash: ba8c1ef2d4084a1d2eee432ea7bfc38843f828a25f61a5d7e6aee22268078f1a
Instruction Fuzzy Hash: EC514732604B8186E759DF75E4A07EAB7A8FB84350F408065CBAE17B95DF3CE59AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF629CCE0 Relevance: 3.1, APIs: 2, Instructions: 72COMMON

Download Yara Rule

APIs

??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFDF629CD30
??0QPlatformTheme@@QEAA@XZ.QT5GUI ref: 00007FFDF62BE99D

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Latin1PlatformString@@String@@@Theme@@
String ID:
API String ID: 3635375232-0
Opcode ID: 41194762d77498fb8ae2bdceaebecbd6223c637822d5f805ff08f211b9c91624
Instruction ID: 6a745bf926f4721700505b14adb73c00778db6a9b499b6168fc5622ad16096e9
Opcode Fuzzy Hash: 41194762d77498fb8ae2bdceaebecbd6223c637822d5f805ff08f211b9c91624
Instruction Fuzzy Hash: 9121D422B08B8582E7549F25E8206A963A4FB4CBD8F484230DAAD47BDDDF3CD5548740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62A1730 Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,00000246C821BF60,00007FFDF62C150F), ref: 00007FFDF62A1747
SystemParametersInfoW.USER32 ref: 00007FFDF62A1797

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: InfoParametersSystemmemset
String ID:
API String ID: 1986754214-0
Opcode ID: 2c875b41a6b0f485fa9a342d2074e944999f39015c9d04ba360f1d294cf0fe3e
Instruction ID: 43e2d67f048a4f348c3be64822ce6174c1a65fe61d289e1227a144c1c02a9471
Opcode Fuzzy Hash: 2c875b41a6b0f485fa9a342d2074e944999f39015c9d04ba360f1d294cf0fe3e
Instruction Fuzzy Hash: C3F0A437B1469242E7909B55FA51AE967A0BB987D0F5C4434DE2C87BE8CE3CCA828600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6759290 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDF67592C6

Part of subcall function 00007FFDF6759FDC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFDF6759FE5
Part of subcall function 00007FFDF6759FDC: _CxxThrowException.VCRUNTIME140 ref: 00007FFDF6759FF6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Concurrency::cancel_current_taskExceptionThrowmallocstd::bad_alloc::bad_alloc
String ID:
API String ID: 514126270-0
Opcode ID: 2898d4732711519da945847ba148994d0bc43ae7f296a5d68232197b99e7e2c3
Instruction ID: 20636a966a0784fa2ee4e392774ebd4e48f59f749a922c495cf8d5ea2ec45011
Opcode Fuzzy Hash: 2898d4732711519da945847ba148994d0bc43ae7f296a5d68232197b99e7e2c3
Instruction Fuzzy Hash: 61F01710F1964B41FF1466A624729B431498F59370E1806B0ED3C09FCFFF1CAC978610

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F7970 Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F798D
??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F7997

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@SharedString@@malloc
String ID:
API String ID: 3873550563-0
Opcode ID: e3fdd7aa2b3ab64b4c857d5b85a483bc96ff1d0605d9bca9127454416848d90b
Instruction ID: abb0cda982112a9fd9a4f60620b5e64b0477a6ac5d4d456b7455be438d6d21b9
Opcode Fuzzy Hash: e3fdd7aa2b3ab64b4c857d5b85a483bc96ff1d0605d9bca9127454416848d90b
Instruction Fuzzy Hash: EAF05E32605B4586D7449F25E95432833A4E748B98F144238DA6D47BC9EF38C8A1C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6296AF0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00007FFDF6296AF9
IsChild.USER32 ref: 00007FFDF6296B10

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: ChildForegroundWindow
String ID:
API String ID: 2801720684-0
Opcode ID: 47ce3806748b34f8f27605e527586fd7d17946c2021d6bad7527dc35fad37e66
Instruction ID: bc16cbe87e510483ffc691d04a56a4e1e1c859baf70197cfab62050a9de9cf0b
Opcode Fuzzy Hash: 47ce3806748b34f8f27605e527586fd7d17946c2021d6bad7527dc35fad37e66
Instruction Fuzzy Hash: B8E08C81F0620242FF241FA2646497803E8BF59B84B4C6034C82C8A7CCFE2CE8D5B310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6293430 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6294E40: ?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFDF6293476), ref: 00007FFDF6294E71
Part of subcall function 00007FFDF6294E40: ?userType@QVariant@@QEBAHXZ.QT5CORE ref: 00007FFDF6294E8A
Part of subcall function 00007FFDF6294E40: ?constData@QVariant@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6294E9A

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF629347E

Part of subcall function 00007FFDF6293500: GetModuleHandleW.KERNEL32 ref: 00007FFDF6293564
Part of subcall function 00007FFDF6293500: ?initialGeometry@QPlatformWindow@@SA?AVQRect@@PEBVQWindow@@AEBV2@HH@Z.QT5GUI ref: 00007FFDF62935A1
Part of subcall function 00007FFDF6293500: ?qAppName@@YA?AVQString@@XZ.QT5CORE ref: 00007FFDF62935CC
Part of subcall function 00007FFDF6293500: ??4QUrl@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF62935EC
Part of subcall function 00007FFDF6293500: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF62935FB
Part of subcall function 00007FFDF6293500: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF629360A
Part of subcall function 00007FFDF6293500: ?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF6293613
Part of subcall function 00007FFDF6293500: ?utf16@QString@@QEBAPEBGXZ.QT5CORE ref: 00007FFDF6293624

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Variant@@$?utf16@V0@@Window@@$?const?initial?property@?userArray@@ByteData@Geometry@HandleModuleName@@Object@@PlatformRect@@Type@Url@@V0@$$
String ID:
API String ID: 3932469724-0
Opcode ID: 40480abfe07e19b6e8910ea886de98d0aa8137713583ce621f8a91129d760f9e
Instruction ID: ee83183aa26b4cd62b719d6ac6f3f0b05949afccf1be68b8969a5bcda174a831
Opcode Fuzzy Hash: 40480abfe07e19b6e8910ea886de98d0aa8137713583ce621f8a91129d760f9e
Instruction Fuzzy Hash: BD217F36B18B4486DB60CB12E454AAD73A9F758B84F155239DF6C83F88DF39E554CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62E17C0 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 00007FFDF62E1823

Part of subcall function 00007FFDF62E0C70: ?isDebugEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF62E0CB2
Part of subcall function 00007FFDF62E0C70: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF62E0CEB
Part of subcall function 00007FFDF62E0C70: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF62E0CFC
Part of subcall function 00007FFDF62E0C70: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E0D0C
Part of subcall function 00007FFDF62E0C70: ??6QDebug@@QEAAAEAV0@PEBX@Z.QT5CORE ref: 00007FFDF62E0D18
Part of subcall function 00007FFDF62E0C70: ??6QDebug@@QEAAAEAV0@K@Z.QT5CORE ref: 00007FFDF62E0D24
Part of subcall function 00007FFDF62E0C70: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF62E0D30
Part of subcall function 00007FFDF62E0C70: ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF62E0D3E

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Logger@@Message$?debug@Category@@DebugEnabled@H00@LoggingProcWindow
String ID:
API String ID: 4190882994-0
Opcode ID: 6604f262cd56e605bba0fe1006e68aa5257a69ffb87b43c7368d2d54994edc2b
Instruction ID: a79c46c93f5351652616bc13f3eada177269fdbcc413e7b72e2e33b0c29458e0
Opcode Fuzzy Hash: 6604f262cd56e605bba0fe1006e68aa5257a69ffb87b43c7368d2d54994edc2b
Instruction Fuzzy Hash: 53016D32B08B5185EB00CF42A458AA973A8EB59FD0F694031EE6D57B89CF39D8518780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F16B0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z.QT5CORE ref: 00007FFDF66F16D6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$?activate@Meta
String ID:
API String ID: 1938966063-0
Opcode ID: b84765f7ad1992f5e84454d8811872f62633ec9dd7c87442e1f5c51b8f348ed0
Instruction ID: 5e9de7119a26868f828e07442683b63214dd531795c71b92cb68b5dfbe17de2f
Opcode Fuzzy Hash: b84765f7ad1992f5e84454d8811872f62633ec9dd7c87442e1f5c51b8f348ed0
Instruction Fuzzy Hash: 48F08235B19A4486EB108B38D064B69B3A4FF88B95F584631C96D47AE8DF7DD441CA40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F3540 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

?processEvents@QEventDispatcherWin32@@UEAA_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z.QT5CORE ref: 00007FFDF62F3553

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: Event$?processDispatcherEventsEvents@Flag@Flags@Loop@@@@@ProcessWin32@@
String ID:
API String ID: 2620541275-0
Opcode ID: 531b54c90e3c3842c49030f1733a7c5b5fc37438fa29cf56c64aaa36d6b40b03
Instruction ID: 1a55f801add4400e02fc79a8acf3f1332dfa97de12165a2a63565a28c36a6c41
Opcode Fuzzy Hash: 531b54c90e3c3842c49030f1733a7c5b5fc37438fa29cf56c64aaa36d6b40b03
Instruction Fuzzy Hash: 3ED05272A0838087CB088FAAF18046872B0F74CB94B288525EB2807B19CB38C4A28B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF62F3570 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

?sendPostedEvents@QEventDispatcherWin32@@MEAAXXZ.QT5CORE ref: 00007FFDF62F3579

Memory Dump Source

Source File: 0000000F.00000002.3088501566.00007FFDF6291000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDF6290000, based on PE: true

Associated: 0000000F.00000002.3088483684.00007FFDF6290000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088573460.00007FFDF6383000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088614367.00007FFDF63E4000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088631576.00007FFDF63E5000.00000008.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63E6000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088648192.00007FFDF63EA000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000F.00000002.3088681077.00007FFDF63EC000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6290000_SRTMiniServer.jbxd

Similarity

API ID: ?sendDispatcherEventEvents@PostedWin32@@
String ID:
API String ID: 1915275062-0
Opcode ID: 83bd28f6fa2fe8ff9a623e2e097d9edfd71d24fe22b91ddb530925818d15e8d7
Instruction ID: 6dc68a92aad062d4b29f3fb74d697166a1bc17ecc363b48cc46b64d7a950e55d
Opcode Fuzzy Hash: 83bd28f6fa2fe8ff9a623e2e097d9edfd71d24fe22b91ddb530925818d15e8d7
Instruction Fuzzy Hash: EFC08C22B15705C3E7186BF1B4608682364EB08B04B090030CA2405E8AAD3890E08700

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFDF66E57D0 Relevance: 128.3, APIs: 63, Strings: 10, Instructions: 565windowtimeCOMMON

Download Yara Rule

APIs

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF66E580C
?debug@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66E581C
?setParent@QObject@@QEAAXPEAV1@@Z.QT5CORE ref: 00007FFDF66E589D
??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66E5917
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5923
?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FFDF66E592F
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E593F
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFDF66E5966
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E597E
??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66E59F2
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E59FE
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5A19
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FFDF66E5A25
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5A40
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66E5A58
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66E5A66
??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5A74
?compare@QByteArray@@QEBAHPEBDW4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66E5AAD
?fromEncoded@QUrl@@SA?AV1@AEBVQByteArray@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF66E5AC5
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66E5AD3
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5ADD
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66E5B5D
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5B67
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66E5B8C
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66E5B96
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5BA8
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5BC1
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5BDA
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5BF3
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C0C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C25
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C3E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C57
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C70
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5C89
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66E5CFB
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D0D
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D29
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D45
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D61
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D7D
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5D99
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5DB5
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5DD1
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5DED
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5E09
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66E5E9C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F0B
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F2E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F4E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F67
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F83
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5F9F
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5FBB
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5FD7
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E5FF3
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66E600F
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66E60BB
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66E60E6
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66E6144
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66E614D
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66E6168
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF66E61A3

Strings

int, xrefs: 00007FFDF66E5EF7, 00007FFDF66E5F20
_q_metaDataChanged, xrefs: 00007FFDF66E5CB2
2readChannelFinished(), xrefs: 00007FFDF66E5B74
1_q_cacheLoadReadyRead(), xrefs: 00007FFDF66E5B34
QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false), xrefs: 00007FFDF66E5815
_q_cacheLoadReadyRead, xrefs: 00007FFDF66E5E3E
2readyRead(), xrefs: 00007FFDF66E5B40
QUrl, xrefs: 00007FFDF66E5F40
location, xrefs: 00007FFDF66E5AA3
onRedirected, xrefs: 00007FFDF66E60AF

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Generic$Argument@@Return$Object@@$Variant@@$Meta$ConnectionType@$Array@@ByteConnection@Data@@$?invokeArgument@@333333333@ListMethod@Qt@@Qt@@@Url@@V0@@$?connect@Logger@@Message$?begin@?compare@?debug@?dispose@?end@?free_helper@?from?setBasicCaseData@1@@DateEncoded@HashInt@Mode@1@@Mutex@@Node@1@@Parent@ParsingSensitivity@Time@@V0@$$V1@@
String ID: 1_q_cacheLoadReadyRead()$2readChannelFinished()$2readyRead()$QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false)$QUrl$_q_cacheLoadReadyRead$_q_metaDataChanged$int$location$onRedirected
API String ID: 2802102830-794269202
Opcode ID: b0e751978ccf85949aa371367b05ecbda3f6c31bf9aeaa8bb7dced8b68791a49
Instruction ID: 8dced85503ac10a30fd7468df56e85296b6d47b850922d7a0d4cce1f1bc58d37
Opcode Fuzzy Hash: b0e751978ccf85949aa371367b05ecbda3f6c31bf9aeaa8bb7dced8b68791a49
Instruction Fuzzy Hash: 6D528432B08EC695E7218F28D864AE973B5FF98748F844131DA5D17E68EF38D686C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D02EE40 Relevance: 80.7, APIs: 39, Strings: 7, Instructions: 189COMMON

Download Yara Rule

APIs

?objectName@QObject@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EE64
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EE75
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EE8E
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EE9B
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EEA6
?resize@QWidget@@QEAAXHH@Z.QT5WIDGETS(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EEBA
??0QSize@@QEAA@HH@Z.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EEC9
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EED5
??0QHBoxLayout@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EEF2
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EF21
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EF2E
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FF60D02E83F,?,?,?,?,FFFFFFFF,00000001,?,00007FF60D01721D), ref: 00007FF60D02EF39
?setContentsMargins@QLayout@@QEAAXHHHH@Z.QT5WIDGETS ref: 00007FF60D02EF56
??0QLabel@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D02EF76
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D02EFA6
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D02EFB4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D02EFBF
??0QFont@@QEAA@XZ.QT5GUI ref: 00007FF60D02EFC9
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D02EFE1
?setFamily@QFont@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FF60D02EFEF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D02EFFA
?setPointSize@QFont@@QEAAXH@Z.QT5GUI ref: 00007FF60D02F009
?setFont@QWidget@@QEAAXAEBVQFont@@@Z.QT5WIDGETS ref: 00007FF60D02F017
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D02F02A
??0QComboBox@@QEAA@PEAVQWidget@@@Z.QT5WIDGETS ref: 00007FF60D02F047
?fromUtf8@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FF60D02F077
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FF60D02F085
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D02F090
??0QSize@@QEAA@HH@Z.QT5CORE ref: 00007FF60D02F09F
?setMinimumSize@QWidget@@QEAAXAEBVQSize@@@Z.QT5WIDGETS ref: 00007FF60D02F0AC
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS ref: 00007FF60D02F0BF
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FF60D02F0E2
?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D02F0EF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D02F0FA
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FF60D02F11D
?setText@QLabel@@QEAAXAEBVQString@@@Z.QT5WIDGETS ref: 00007FF60D02F12B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60D02F136
?connectSlotsByName@QMetaObject@@SAXPEAVQObject@@@Z.QT5CORE ref: 00007FF60D02F13F
??1QFont@@QEAA@XZ.QT5GUI ref: 00007FF60D02F14A

Strings

Verdana, xrefs: 00007FF60D02EFD6
comboBox, xrefs: 00007FF60D02F06C
Form, xrefs: 00007FF60D02F0D0
Input FPS, xrefs: 00007FF60D02F10B
label, xrefs: 00007FF60D02EF9B
WDGInputFPS, xrefs: 00007FF60D02EE83, 00007FF60D02F0D7, 00007FF60D02F112
horizontalLayout, xrefs: 00007FF60D02EF16

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?set$Widget@@$String@@@$Name@Object@@$?fromUtf8@$Font@@Layout@@Object$Flags@Qt@@@@@Size@$?add?translate@AlignmentApplication@@CoreFlag@Label@@MinimumSize@@Size@@@Widget@Widget@@@Window$?connect?object?resize@Box@@ComboContentsFamily@Font@Font@@@Margins@MetaObject@@@PointSlotsText@Title@Type@
String ID: Form$Input FPS$Verdana$WDGInputFPS$comboBox$horizontalLayout$label
API String ID: 154868210-3845346711
Opcode ID: 3857e566b6bb0cba4a324dff5496d0fd0d4ec7090085ff39e083cc5c67e12479
Instruction ID: 700d9f20a32973af22d5293a23269be9ad99b7fbf3586b7e0b013898e9563885
Opcode Fuzzy Hash: 3857e566b6bb0cba4a324dff5496d0fd0d4ec7090085ff39e083cc5c67e12479
Instruction Fuzzy Hash: 69916231A14F4296EB109F21EC541AD7360FF85B85BA05635DAAF83BA8EF7CD509C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66AF770 Relevance: 64.9, APIs: 36, Strings: 1, Instructions: 149COMMON

Download Yara Rule

APIs

??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF78A
??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF794
?setPassword@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7A7
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7B1
??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7BB
?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7CB
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7D5
??0QCryptographicHash@@QEAA@W4Algorithm@0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7E4
?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF7F8
?addData@QCryptographicHash@@QEAAXAEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF805
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF80F
?result@QCryptographicHash@@QEBA?AVQByteArray@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF81D
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF826
?number@QByteArray@@SA?AV1@_JH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF839
?left@QByteArray@@QEBA?AV1@H@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF84C
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF856
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF860
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF86A
?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF877
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF887
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF893
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66AD5FE), ref: 00007FFDF66AF8BC
?number@QString@@SA?AV1@IH@Z.QT5CORE ref: 00007FFDF66AF8D6
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66AF8E6
??0QString@@QEAA@HW4Initialization@Qt@@@Z.QT5CORE ref: 00007FFDF66AF8FB
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66AF904
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66AF910
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66AF91F
memcpy.VCRUNTIME140 ref: 00007FFDF66AF92E
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFDF66AF93E
?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z.QT5CORE ref: 00007FFDF66AF968
?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z.QT5CORE ref: 00007FFDF66AF985
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66AF98F
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66AF999
??1QCryptographicHash@@QEAA@XZ.QT5CORE ref: 00007FFDF66AF9A3
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66AF9AD

Strings

/, xrefs: 00007FFDF66AF8C8

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Byte$Array@@$Char@@Data@Url@@$?const$?size@CryptographicHash@@$Char@@@Latin1$?append?number@?setAbstractConcatenable@@FormattingMode@1@@Parsing$?add?at@?left@?result@Algorithm@0@@Array@@@ComponentEncoded@Flags@Fragment@Initialization@Option@Option@2@@@@Password@Qt@@@V0@@V1@_memcpy
String ID: /
API String ID: 53486078-2043925204
Opcode ID: 21a94f0a73d3f20c978b328ebb531eee3d970b3de50ac8eb2947183529699348
Instruction ID: 2793080f12df022ff5a611a2a6a694876b0470d3f6db512bfdcf00d1e2f02ca7
Opcode Fuzzy Hash: 21a94f0a73d3f20c978b328ebb531eee3d970b3de50ac8eb2947183529699348
Instruction Fuzzy Hash: 57613B22B18A5696EB009F24E8749B83375FF54B89B404175E91E53EACFF3DD98AC340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFCCE40 Relevance: 59.8, APIs: 33, Strings: 1, Instructions: 260windowCOMMON

Download Yara Rule

APIs

srt_getsockstate.SRT ref: 00007FF60CFCCE7F
srt_recv.SRT ref: 00007FF60CFCCE9E
_Mtx_lock.MSVCP140(?), ref: 00007FF60CFCCEC4
_Mtx_unlock.MSVCP140(?), ref: 00007FF60CFCCEE4

Part of subcall function 00007FF60CFD0C10: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0C8A
Part of subcall function 00007FF60CFD0C10: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0C98
Part of subcall function 00007FF60CFD0C10: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0CA9
Part of subcall function 00007FF60CFD0C10: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0CB9
Part of subcall function 00007FF60CFD0C10: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0CC9
Part of subcall function 00007FF60CFD0C10: ??6QDebug@@QEAAAEAV0@H@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0CD7
Part of subcall function 00007FF60CFD0C10: ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FF60CFCCF1E,?), ref: 00007FF60CFD0CE3

_Mtx_unlock.MSVCP140 ref: 00007FF60CFCCF24
srt_getsockstate.SRT ref: 00007FF60CFCCF2C
srt_getlasterror_str.SRT ref: 00007FF60CFCCF3C
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFCCF5E
_Mtx_lock.MSVCP140 ref: 00007FF60CFCCF7D
_Mtx_unlock.MSVCP140 ref: 00007FF60CFCCF91
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCCF9C
?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF60CFCCFD9
?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF60CFCCFE1
srt_getsockstate.SRT ref: 00007FF60CFCD023
srt_recv.SRT ref: 00007FF60CFCD03F
_Mtx_lock.MSVCP140(?), ref: 00007FF60CFCD064
_Mtx_unlock.MSVCP140(?), ref: 00007FF60CFCD084

Part of subcall function 00007FF60CFCAE20: memmove.VCRUNTIME140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAE73
Part of subcall function 00007FF60CFCAE20: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAE8F
Part of subcall function 00007FF60CFCAE20: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAE9D
Part of subcall function 00007FF60CFCAE20: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAEAE
Part of subcall function 00007FF60CFCAE20: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAEBE
Part of subcall function 00007FF60CFCAE20: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAECE
Part of subcall function 00007FF60CFCAE20: ??6QDebug@@QEAAAEAV0@H@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAEDC
Part of subcall function 00007FF60CFCAE20: ??1QDebug@@QEAA@XZ.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAEE8
Part of subcall function 00007FF60CFCAE20: _Mtx_lock.MSVCP140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAEF2
Part of subcall function 00007FF60CFCAE20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAF11
Part of subcall function 00007FF60CFCAE20: memmove.VCRUNTIME140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAF24
Part of subcall function 00007FF60CFCAE20: memmove.VCRUNTIME140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAF37
Part of subcall function 00007FF60CFCAE20: _Mtx_unlock.MSVCP140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAF47
Part of subcall function 00007FF60CFCAE20: _Mtx_lock.MSVCP140(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAF77
Part of subcall function 00007FF60CFCAE20: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAFA1
Part of subcall function 00007FF60CFCAE20: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAFAF
Part of subcall function 00007FF60CFCAE20: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,00000000,?,?,?,?,00007FF60CFCACDC), ref: 00007FF60CFCAFC6

_Mtx_unlock.MSVCP140 ref: 00007FF60CFCD0DF
srt_getsockstate.SRT ref: 00007FF60CFCD0E7
srt_getlasterror_str.SRT ref: 00007FF60CFCD0FA
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFCD11E
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFCD136
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFCD144
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFCD153
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFCD163
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFCD173
??6QDebug@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FF60CFCD181
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FF60CFCD18D
_Mtx_lock.MSVCP140 ref: 00007FF60CFCD197
_Mtx_unlock.MSVCP140 ref: 00007FF60CFCD1AB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCD1B6
?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF60CFCD1EB
?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF60CFCD1F3

Strings

..\srtminiserver\cafeedbackmanager.cpp, xrefs: 00007FF60CFCD16C

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$Logger@@Message$Mtx_unlock$Mtx_lock$?debug@C_error@std@@String@@Throw_srt_getsockstate$memmove$?fromArrayAscii_helper@Data@Typedsrt_getlasterror_strsrt_recv$String@@@malloc
String ID: ..\srtminiserver\cafeedbackmanager.cpp
API String ID: 942850615-751187993
Opcode ID: 4fa32c3d309b164c96fc40ea77840c9f83794beeb1759eaafce885b6f365ca9c
Instruction ID: 0599fd629a58f591bcff2e8001e831794a3328eabd55d02e2233c9a86910d285
Opcode Fuzzy Hash: 4fa32c3d309b164c96fc40ea77840c9f83794beeb1759eaafce885b6f365ca9c
Instruction Fuzzy Hash: 46B18C32B08A4196EB54DF21E9805AD33A0FF84754F601635EA4FC3B95EF39E866CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B3490 Relevance: 56.2, APIs: 19, Strings: 13, Instructions: 192windowCOMMON

Download Yara Rule

APIs

?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B351A
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B3532
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B35BF
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B35E0
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B366B

Part of subcall function 00007FFDF66B5610: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B3182), ref: 00007FFDF66B5641
Part of subcall function 00007FFDF66B5610: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B3182), ref: 00007FFDF66B564F
Part of subcall function 00007FFDF66B5610: ?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B3182), ref: 00007FFDF66B5673
Part of subcall function 00007FFDF66B5610: ?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B3182), ref: 00007FFDF66B5689
Part of subcall function 00007FFDF66B5610: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5749
Part of subcall function 00007FFDF66B5610: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5754

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF66B368A
?critical@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF66B3698
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF66B36A8
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF66B36B4
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF66B36C4
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF66B36CF
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF66B36E7
?critical@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FFDF66B36F5
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF66B3705
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF66B3713
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B372F
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B374B
?critical@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDF66B33E1), ref: 00007FFDF66B375B

Strings

mandatory, xrefs: 00007FFDF66B36FE
invalid pseudo-header (:status) in a request, xrefs: 00007FFDF66B3735
:authority, xrefs: 00007FFDF66B34B9
:scheme, xrefs: 00007FFDF66B34CF
:status, xrefs: 00007FFDF66B3510
only one :method pseudo-header is allowed, xrefs: 00007FFDF66B3671
cookie, xrefs: 00007FFDF66B35B5
mandatory :method pseudo-header not found, xrefs: 00007FFDF66B3751
pseudo-header is allowed, xrefs: 00007FFDF66B36BA
:path, xrefs: 00007FFDF66B34DE
:method, xrefs: 00007FFDF66B3528
only one, xrefs: 00007FFDF66B36A1
pseudo-header not found, xrefs: 00007FFDF66B3719

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$Debug@@Logger@@Message$?qstrcmp@@$?critical@$V0@@
String ID: :authority$:method$:path$:scheme$:status$cookie$invalid pseudo-header (:status) in a request$mandatory$mandatory :method pseudo-header not found$only one$only one :method pseudo-header is allowed$pseudo-header is allowed$pseudo-header not found
API String ID: 750759551-1120256471
Opcode ID: d04e347481f7c2d9f7006834e69026cf8f3a8f3414b7f4f47f52ccf10ab05dd4
Instruction ID: 33783531b5ab31fad2840b2c6200fbfe03b86983ab561e73f124ffc766b3c286
Opcode Fuzzy Hash: d04e347481f7c2d9f7006834e69026cf8f3a8f3414b7f4f47f52ccf10ab05dd4
Instruction Fuzzy Hash: E9819222B0C642D1FB509B15A974E7677A9EF45B84F445075DE2D12EDCEE3CE44ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6697820 Relevance: 52.7, APIs: 25, Strings: 5, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6696910: ??0QIODevicePrivate@@QEAA@XZ.QT5CORE ref: 00007FFDF6696932
Part of subcall function 00007FFDF6696910: ??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF6696981
Part of subcall function 00007FFDF6696910: ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF669699B
Part of subcall function 00007FFDF6696910: ??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66969A6
Part of subcall function 00007FFDF6696910: ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66969C0
Part of subcall function 00007FFDF6696910: ??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66969CD
Part of subcall function 00007FFDF6696910: ??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FFDF6696A2A
Part of subcall function 00007FFDF6696910: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6696A58
Part of subcall function 00007FFDF6696910: ??0QIODevice@@IEAA@AEAVQIODevicePrivate@@PEAVQObject@@@Z.QT5CORE ref: 00007FFDF6696A67

Part of subcall function 00007FFDF6696840: ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF6685F0E), ref: 00007FFDF6696853

??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF6697886

Part of subcall function 00007FFDF6688A60: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,00007FFDF668330E), ref: 00007FFDF6688AA2
Part of subcall function 00007FFDF6688A60: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFDF6688ADD
Part of subcall function 00007FFDF6688A60: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6688AEA

?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FFDF66978C3
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66978F7
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF669790A
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697920
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697936
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF669794C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697962
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF669797B
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697994
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66979AD
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66979C6
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF6697A3D
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697A4F
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697A68
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697A81
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697A9A
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697AB0
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697AC6
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697ADC
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697AF2
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697B08
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF6697B1E
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF6697B90
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6697B9B

Strings

QNetworkReply::NetworkError, xrefs: 00007FFDF66978EC
QNetworkAccessManager, xrefs: 00007FFDF66978B7
finished, xrefs: 00007FFDF6697B2E
Network access is disabled., xrefs: 00007FFDF66978B0
error, xrefs: 00007FFDF66979DB

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Generic$Argument@@Return$Meta$Object@@$Type@Url@@$Array@@BasicByteMutex@@$?invokeArgument@@333333333@ConnectionDeviceMethod@Object@@@Private@@Qt@@String@@Variant@@$?normalized?register?translate@Application@@CoreDevice@@Flag@Flags@NormalizedTypeType@@Type@@@@V0@@
String ID: Network access is disabled.$QNetworkAccessManager$QNetworkReply::NetworkError$error$finished
API String ID: 252426309-3281323554
Opcode ID: 960c91c48fe8de7d6b3ae41de72b6e9978954ce882dca4805aca83cfb73f95e8
Instruction ID: f0b1384cb5299e81b18b0448c40684581aac67c52e99d9af2c3e7f0cb66cc35a
Opcode Fuzzy Hash: 960c91c48fe8de7d6b3ae41de72b6e9978954ce882dca4805aca83cfb73f95e8
Instruction Fuzzy Hash: BFB1C222A18F9595F7118F38D825AE973B5FF88748F849221DA4D12E68FF38D686C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66DB840 Relevance: 47.4, APIs: 25, Strings: 2, Instructions: 190timeCOMMON

Download Yara Rule

APIs

??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF66DB876

Part of subcall function 00007FFDF66D4900: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66D4923
Part of subcall function 00007FFDF66D4900: ?resize@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF66D492E
Part of subcall function 00007FFDF66D4900: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66D4937
Part of subcall function 00007FFDF66D4900: ?begin@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FFDF66D4943

??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66DB899
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66DB8A6
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB8B5
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB8CC
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB8E2
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB8F8
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB90E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB924
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB93A
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB953
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB96C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DB985
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66DB9FC
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA0E
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA27
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA40
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA56
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA6C
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA82
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBA98
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBAAE
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBAC4
??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFDF66DBADA
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFDF66DBB52

Strings

quit, xrefs: 00007FFDF66DBB18
deleteLater, xrefs: 00007FFDF66DB9CB

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Generic$Argument@@Return$Object@@$Array@@ByteString@@$?invokeArgument@@333333333@ConnectionMetaMethod@Qt@@Type@V0@@$?begin@?resize@?size@DateTime@@V0@$$
String ID: deleteLater$quit
API String ID: 4087042418-3976603107
Opcode ID: 0f6c4388cfabc6fb0f63f91d7c23536014216eb25d84678676d9ecd81992c21e
Instruction ID: 2974897543d1ce68747aa24f9c0825f1dc3c8d86ceb03e4031c6de169f67ab03
Opcode Fuzzy Hash: 0f6c4388cfabc6fb0f63f91d7c23536014216eb25d84678676d9ecd81992c21e
Instruction Fuzzy Hash: C5A18322A18E95D5F7129F38D855BEA73B5FF88308F849221DA4D16E28FF38D685C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D01FE50 Relevance: 42.2, APIs: 15, Strings: 9, Instructions: 195COMMON

Download Yara Rule

APIs

avfilter_get_by_name.AVFILTER-7 ref: 00007FF60D01FE9E
avfilter_inout_alloc.AVFILTER-7 ref: 00007FF60D01FEB0
av_log.AVUTIL-56 ref: 00007FF60D01FF88
avfilter_graph_create_filter.AVFILTER-7 ref: 00007FF60D01FFB7
av_log.AVUTIL-56 ref: 00007FF60D01FFD0
avfilter_inout_free.AVFILTER-7 ref: 00007FF60D020160
avfilter_inout_free.AVFILTER-7 ref: 00007FF60D02016A

Part of subcall function 00007FF60D009930: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF60D009973

Strings

Cannot create buffer sink, xrefs: 00007FF60D01FFC2
buffersink, xrefs: 00007FF60D01FE97
buffer, xrefs: 00007FF60D01FE88
video_size=%dx%d:pix_fmt=%d:time_base=%d/%d:pixel_aspect=%d/%d, xrefs: 00007FF60D01FF32
out, xrefs: 00007FF60D01FFA6, 00007FF60D020089
pix_fmts, xrefs: 00007FF60D020022
FILTER GRAPH:, xrefs: 00007FF60D02012C
Cannot create buffer source, xrefs: 00007FF60D01FF7B
Cannot set output pixel format, xrefs: 00007FF60D02003B

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: av_logavfilter_inout_free$__stdio_common_vsprintfavfilter_get_by_nameavfilter_graph_create_filteravfilter_inout_alloc
String ID: Cannot create buffer sink$Cannot create buffer source$Cannot set output pixel format$FILTER GRAPH:$buffer$buffersink$out$pix_fmts$video_size=%dx%d:pix_fmt=%d:time_base=%d/%d:pixel_aspect=%d/%d
API String ID: 2801208006-1812606733
Opcode ID: c525aec98e39951a68db6ffcf86ca5bbbb250aae882ebd8a533d59d1f820f9f3
Instruction ID: db942e6ea8bc520e6a180832dfc614ea66bac6a25c16b261fcfc416a2fda1208
Opcode Fuzzy Hash: c525aec98e39951a68db6ffcf86ca5bbbb250aae882ebd8a533d59d1f820f9f3
Instruction Fuzzy Hash: E191B272A09B4286E710DF25E8406A97764FB84794F600336DD5EC77A5EFBCD845CB08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66CD6F0 Relevance: 38.8, APIs: 21, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

?errorString@QIODevice@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF66CDE2B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66CDE53
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF66CDEE8
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF3F
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF77

Strings

_q_startNextRequest, xrefs: 00007FFDF66CE219

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Data@@Empty@List$?errorDevice@@String@V0@@
String ID: _q_startNextRequest
API String ID: 214426747-1109240398
Opcode ID: f3f3bca9783a23f74355ca01e5d1f5225666d6a9a56f125579996aa6c4a48467
Instruction ID: c220b6155ee67a62643eccd1f4e25675876b981dd7e8a71b8ad5bf05673d5830
Opcode Fuzzy Hash: f3f3bca9783a23f74355ca01e5d1f5225666d6a9a56f125579996aa6c4a48467
Instruction Fuzzy Hash: 66F16F22708EC685EB619F25D860BF973A8FF88B49F444172DA2D57E98EF38D545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66CD750 Relevance: 38.8, APIs: 21, Strings: 1, Instructions: 295COMMON

Download Yara Rule

APIs

?errorString@QIODevice@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF66CDE2B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66CDE53
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF66CDEE8
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF3F
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF77

Strings

_q_startNextRequest, xrefs: 00007FFDF66CE219

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Data@@Empty@List$?errorDevice@@String@V0@@
String ID: _q_startNextRequest
API String ID: 214426747-1109240398
Opcode ID: 245df5d88ef0060f89e49119ee65b60ca519a8d6390327c50b10415e51de5116
Instruction ID: 09d260c24682d08e8bbe10971a9ee4a4e3b163054b353e0b28a9b1137136114a
Opcode Fuzzy Hash: 245df5d88ef0060f89e49119ee65b60ca519a8d6390327c50b10415e51de5116
Instruction Fuzzy Hash: 11E16122708EC685EB619F25D460BF973A8FF88B49F444172DA2D57E98EF38D545C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66CD745 Relevance: 38.8, APIs: 21, Strings: 1, Instructions: 295COMMON

Download Yara Rule

APIs

?errorString@QIODevice@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF66CDE2B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66CDE53
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF66CDEE8
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF3F
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66CDF77

Strings

_q_startNextRequest, xrefs: 00007FFDF66CE219

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Data@@Empty@List$?errorDevice@@String@V0@@
String ID: _q_startNextRequest
API String ID: 214426747-1109240398
Opcode ID: 3d76772eca1b2bbd084644d5290d4b88f1c3a46694c077c544d75899c90871f9
Instruction ID: 4e29d8afef4ddb2c2cd569dfc7a707c9f2e45a2ff8a3856eedaa7450ce0f379d
Opcode Fuzzy Hash: 3d76772eca1b2bbd084644d5290d4b88f1c3a46694c077c544d75899c90871f9
Instruction Fuzzy Hash: 08E16122708EC685EB619F25D860BF973A8FF88B49F444172DA2D57E98EF38D545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B9810 Relevance: 35.3, APIs: 15, Strings: 5, Instructions: 253windowCOMMON

Download Yara Rule

APIs

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF66B984E
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66B985E
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF66B99C3
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF66B99EC
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66B99FC
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF66B9A91
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF66B9ABA
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66B9ACA
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF66B9829

Part of subcall function 00007FFDF66B8D60: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE ref: 00007FFDF66B8DBC
Part of subcall function 00007FFDF66B8D60: _Init_thread_footer.LIBCMT ref: 00007FFDF66B8DD5

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF66B98FA
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF66B9923
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66B9933
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF66B9B5D
??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF66B9B86
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66B9B96

Strings

SETTINGS_ENABLE_PUSH can be only 0 or 1, xrefs: 00007FFDF66B992C
MAX_FRAME_SIZE must be in the range [2^14, 2^24-1], xrefs: 00007FFDF66B9B8F
INITIAL_WINDOW_SIZE must be in the range (0, 2^31-1], xrefs: 00007FFDF66B9AC3
Session receive window must be at least 65535 bytes, xrefs: 00007FFDF66B9857
MAX_CONCURRENT_STREAMS must be a positive number, xrefs: 00007FFDF66B99F5

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Logger@@Message$Category@@Logging$?warning@Enabled@H00@Warning$Init_thread_footer
String ID: INITIAL_WINDOW_SIZE must be in the range (0, 2^31-1]$MAX_CONCURRENT_STREAMS must be a positive number$MAX_FRAME_SIZE must be in the range [2^14, 2^24-1]$SETTINGS_ENABLE_PUSH can be only 0 or 1$Session receive window must be at least 65535 bytes
API String ID: 263034975-2894994997
Opcode ID: b07f98f49a022928d26bac5d496de667d13d09f51f66bfa574122003c06e7a4d
Instruction ID: e7912869ba0e745a51453422430a0ed69f66540ea69f0c41cf8fee8143ce6884
Opcode Fuzzy Hash: b07f98f49a022928d26bac5d496de667d13d09f51f66bfa574122003c06e7a4d
Instruction Fuzzy Hash: 5EA18461F09602C1EF589B55D474A3973A9EF96F80F0546B6C92D07FDAEE2CE881CA40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF671F7C0 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 95windowCOMMON

Download Yara Rule

APIs

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF671F7F0
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF671F800
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF671F82E
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF671F83E

Strings

QAbstractSocket: cannot bind to QHostAddress::Any (or an IPv6 address) and join an IPv4 multicast group; bind to QHostAddress::AnyIPv4 instead if you want to do this, xrefs: 00007FFDF671F8C3
QNativeSocketEngine::joinMulticastGroup() was called on an uninitialized socket device, xrefs: 00007FFDF671F7F9
QNativeSocketEngine::joinMulticastGroup() was called by a socket other than QAbstractSocket::UdpSocket, xrefs: 00007FFDF671F875
QNativeSocketEngine::joinMulticastGroup() was not called in QAbstractSocket::BoundState, xrefs: 00007FFDF671F837

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Logger@@Message$?warning@
String ID: QAbstractSocket: cannot bind to QHostAddress::Any (or an IPv6 address) and join an IPv4 multicast group; bind to QHostAddress::AnyIPv4 instead if you want to do this$QNativeSocketEngine::joinMulticastGroup() was called by a socket other than QAbstractSocket::UdpSocket$QNativeSocketEngine::joinMulticastGroup() was called on an uninitialized socket device$QNativeSocketEngine::joinMulticastGroup() was not called in QAbstractSocket::BoundState
API String ID: 3543197520-1723322543
Opcode ID: 3626d1cf69d141686f15e127af6750281c7068380bcd4c7d08d136ac1a276848
Instruction ID: b8542705f56250271f9a9539f4482a611344802e6dba4cc5610a9a2ed17b6895
Opcode Fuzzy Hash: 3626d1cf69d141686f15e127af6750281c7068380bcd4c7d08d136ac1a276848
Instruction Fuzzy Hash: D131BF66B0868182EB109B26F470A6A7365FF9ABC4F844171DF5D07F9CEE2CD54ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D6D400 Relevance: 16.8, APIs: 13, Instructions: 541COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D6D483
memcpy.VCRUNTIME140 ref: 00007FFDF5D6D98C
memcpy.VCRUNTIME140 ref: 00007FFDF5D6D9A0
memset.VCRUNTIME140 ref: 00007FFDF5D6D9C4
memset.VCRUNTIME140 ref: 00007FFDF5D6D9D8
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DAEC
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DB00
memset.VCRUNTIME140 ref: 00007FFDF5D6DB14
memset.VCRUNTIME140 ref: 00007FFDF5D6DB28
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DC38
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DC51
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DCB3
memcpy.VCRUNTIME140 ref: 00007FFDF5D6DCCA

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memcpy$memset
String ID:
API String ID: 438689982-0
Opcode ID: 198831e604cbbc03f004634e1c13eb14f333fd01fa66e7b42a4fc3cb9e4cd9b9
Instruction ID: 02ad3adee2e0a947504b6cda6c464246804233d32c9a18e5eaf73d62700df379
Opcode Fuzzy Hash: 198831e604cbbc03f004634e1c13eb14f333fd01fa66e7b42a4fc3cb9e4cd9b9
Instruction Fuzzy Hash: A7222E27E19FC641F3168739A8527B96710AFE77D4F01D327FE9872A96EB28D2419300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D6DD30 Relevance: 16.8, APIs: 13, Instructions: 538COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D6DDAC
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E2AA
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E2BE
memset.VCRUNTIME140 ref: 00007FFDF5D6E2E2
memset.VCRUNTIME140 ref: 00007FFDF5D6E2F6
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E40A
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E41E
memset.VCRUNTIME140 ref: 00007FFDF5D6E432
memset.VCRUNTIME140 ref: 00007FFDF5D6E446
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E559
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E574
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E5D8
memcpy.VCRUNTIME140 ref: 00007FFDF5D6E5EC

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memcpy$memset
String ID:
API String ID: 438689982-0
Opcode ID: 1e020c2bfe5b584dc2d7bb2ed75164fc78c81c13858f334fe70c39ab5110ab33
Instruction ID: ca2a54ff538e602a5182bfd7250851f01d1c77bd20deab093593dd4e037a5e94
Opcode Fuzzy Hash: 1e020c2bfe5b584dc2d7bb2ed75164fc78c81c13858f334fe70c39ab5110ab33
Instruction Fuzzy Hash: 8E221B23E14FD641F3168738A8526B9A714AFE77D4F01D327FE9972A96EB28D3419300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D6F7F0 Relevance: 16.8, APIs: 13, Instructions: 535COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D6F873
memcpy.VCRUNTIME140 ref: 00007FFDF5D6FD5C
memcpy.VCRUNTIME140 ref: 00007FFDF5D6FD70
memset.VCRUNTIME140 ref: 00007FFDF5D6FD94
memset.VCRUNTIME140 ref: 00007FFDF5D6FDA8
memcpy.VCRUNTIME140 ref: 00007FFDF5D6FEBC
memcpy.VCRUNTIME140 ref: 00007FFDF5D6FED0
memset.VCRUNTIME140 ref: 00007FFDF5D6FEE4
memset.VCRUNTIME140 ref: 00007FFDF5D6FEF8
memcpy.VCRUNTIME140 ref: 00007FFDF5D70008
memcpy.VCRUNTIME140 ref: 00007FFDF5D70021
memcpy.VCRUNTIME140 ref: 00007FFDF5D70086
memcpy.VCRUNTIME140 ref: 00007FFDF5D7009D

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memcpy$memset
String ID:
API String ID: 438689982-0
Opcode ID: 8635fe6f830d58557a60b945d8bcf1f87ec1b6ef0a04d64e0ec8446c82dd0193
Instruction ID: acdaeb948fe345218aa79ac387d9dc16fce949e5671cab056010ace6698b15df
Opcode Fuzzy Hash: 8635fe6f830d58557a60b945d8bcf1f87ec1b6ef0a04d64e0ec8446c82dd0193
Instruction Fuzzy Hash: 69221F27E18FC641F3168739A8527B9A714AFE77D4F01D327FE9472A96EB28D2419300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6721710 Relevance: 16.7, APIs: 11, Instructions: 169networkCOMMON

Download Yara Rule

APIs

htons.WS2_32 ref: 00007FFDF67217C7
htonl.WS2_32 ref: 00007FFDF67217DC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6721821
htons.WS2_32 ref: 00007FFDF672182A

Part of subcall function 00007FFDF66F78F0: ??0QSharedData@@QEAA@XZ.QT5CORE ref: 00007FFDF66F7914
Part of subcall function 00007FFDF66F78F0: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F791E

Part of subcall function 00007FFDF66F79D0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F79F9

setsockopt.WS2_32 ref: 00007FFDF6721891
bind.WS2_32 ref: 00007FFDF67218A5
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF671EC35), ref: 00007FFDF67218B4
htons.WS2_32 ref: 00007FFDF67218D7
htonl.WS2_32 ref: 00007FFDF67218EC
bind.WS2_32 ref: 00007FFDF6721906
WSAGetLastError.WS2_32 ref: 00007FFDF6721911

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@htons$ErrorLastbindhtonl$Data@@Sharedsetsockopt
String ID:
API String ID: 3825734897-0
Opcode ID: 732953664e9af77f634efa61945c1554cea57fedc6a7ea943af0dce4a2d7820f
Instruction ID: 62159772eed2828564b781887e05af8b599ad55734ce6609b01d4857ce779044
Opcode Fuzzy Hash: 732953664e9af77f634efa61945c1554cea57fedc6a7ea943af0dce4a2d7820f
Instruction Fuzzy Hash: B5712822F0865299FB509BB4D870ABC3379BB40318F540236DE6D97EDDEE38A9458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFFDE60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60CFFE11E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60CFFE28B
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF60CFFE2E2

Strings

bytes=(\d*-\d*(?:,\s*\d*-\d*)*), xrefs: 00007FF60CFFE32C

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Init@locale@std@@Locimp@12@_
String ID: bytes=(\d*-\d*(?:,\s*\d*-\d*)*)
API String ID: 23434050-4191776997
Opcode ID: c2f909bc7363895c76d7e2fe2f0250f65245d0ecd325f805df0625069a6c0906
Instruction ID: 4b566c4ca416bac6b5453bb08045f585d9a16f3867052ff777feae204a05f000
Opcode Fuzzy Hash: c2f909bc7363895c76d7e2fe2f0250f65245d0ecd325f805df0625069a6c0906
Instruction Fuzzy Hash: 48E1A372E14B8289EB10CF65D8442AD2761EF957A4F204336EA9D97AD9DF7CE181C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D8D2E0 Relevance: 2.8, APIs: 2, Instructions: 319COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D8D36B
memset.VCRUNTIME140 ref: 00007FFDF5D8D37F

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: c174cb0284ea2954889247d25a374f4b060926c6d1d824f463143b0538244698
Instruction ID: 58a58e8df1aec181aff16296ed64eaa88e35ab9dc655fba8cd99c8f84c69be02
Opcode Fuzzy Hash: c174cb0284ea2954889247d25a374f4b060926c6d1d824f463143b0538244698
Instruction Fuzzy Hash: FDD1D333B156948EE710CFA5E8406AE7BB1F788B88F148129EF4A53F98DB78D515CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D8B6E0 Relevance: 1.6, APIs: 1, Instructions: 326COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDF5D8B7B4

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 8ec90958a33035b8c3a2333d01e3496d79ce93d839a37f01003fda73f41b24fb
Instruction ID: 15b05aa1a013f28fa5245db73404e9d6d94d017f121b51636150e280117d0177
Opcode Fuzzy Hash: 8ec90958a33035b8c3a2333d01e3496d79ce93d839a37f01003fda73f41b24fb
Instruction Fuzzy Hash: 56D1B232719A8A86E7348F15E850BBEB761FB84B85F188135DA9D43B8DDF3DE4408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D97210 Relevance: 1.4, APIs: 1, Instructions: 171COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D97253

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: bd74064e56dea1f1d7ef9470d5a3f1964448904587220ae4d0306f0437b775a9
Instruction ID: a6bfdda938e797bdaab38f744a6626d9d966c9dd5ec6bf7cc68d05d42bd3914b
Opcode Fuzzy Hash: bd74064e56dea1f1d7ef9470d5a3f1964448904587220ae4d0306f0437b775a9
Instruction Fuzzy Hash: 99613D32B2D68586D7258B39E8157D9B750EFD6788F048336EB9D63F94EB39E0418700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D7B830 Relevance: 1.4, APIs: 1, Instructions: 151COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00000000,00000000,?,00007FFDF5D7B060), ref: 00007FFDF5D7BA47

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 7f32ac18983dd8e3564947396fa59db4d44e3b44078201540149927801372f90
Instruction ID: 151c9e4d51a045b306623bc177aebb2cc887d0e4c28758db6dd91591390003b0
Opcode Fuzzy Hash: 7f32ac18983dd8e3564947396fa59db4d44e3b44078201540149927801372f90
Instruction Fuzzy Hash: 3D51D23372AA898BD720CF18F844A69B7A0F759B49F562125CA6D53749DB3DD402CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D910C0 Relevance: .7, Instructions: 661COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a99f0cfc22f3370cdea37e5f78af0848b403ac3476b1640608527408cb07702
Instruction ID: b915537788713c680790f36a55b6df54efd88e4998dafdbfda5f25e59e52c511
Opcode Fuzzy Hash: 0a99f0cfc22f3370cdea37e5f78af0848b403ac3476b1640608527408cb07702
Instruction Fuzzy Hash: 61528C73A15A4A86E7248F64D861B6833A5FB65F58F050131DA6E833DDEF3CD892C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D69340 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6fe96a16a7ce5ef83c53ee06c64ef818c4683e2d209910c084b2512d81f2572
Instruction ID: 2bce4191c66248f4c7f60c34bd5678e05b6e05e43ca08fc8e8bd31cf77ffba17
Opcode Fuzzy Hash: d6fe96a16a7ce5ef83c53ee06c64ef818c4683e2d209910c084b2512d81f2572
Instruction Fuzzy Hash: C0127BB3A1999A46E32D8A3CDC31B397900EB62716F0D433DEB6747BD9D61DE2018710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D67090 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def153f7c8edcefe08ab79682192c8670ac686ce948fef1fb8aae0bf3735752f
Instruction ID: df10da3546245089f8fcdd8016765cfc81b39de166f1d5f159ea38e779ad7925
Opcode Fuzzy Hash: def153f7c8edcefe08ab79682192c8670ac686ce948fef1fb8aae0bf3735752f
Instruction Fuzzy Hash: 35126AB3A1999E46E32D8A3CDC31B796A04EB61711F09433DEB6787FD9DA1CE2018710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D577C0 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c237c9e6a3863ea215359ce58544240fabacc9300a40c27e7ffc6fcce60c9609
Instruction ID: 956cb3504d863ac3a8438ddf95f6dcc35d440fe2b2dae8a17300dfaeeb2d482d
Opcode Fuzzy Hash: c237c9e6a3863ea215359ce58544240fabacc9300a40c27e7ffc6fcce60c9609
Instruction Fuzzy Hash: 182260E311D1E88EC312CB689455E9E7F7AE36264DF0E439ADBC187243D52AD239C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D533C0 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a6dfe6344e8504487b25704417e2a1798e6ba19cfb5c7696290d43f0ba20951
Instruction ID: ddf3755b1e171df9e03fd21e55b148de00b9dfadf268201781b2cdc776b80d06
Opcode Fuzzy Hash: 0a6dfe6344e8504487b25704417e2a1798e6ba19cfb5c7696290d43f0ba20951
Instruction Fuzzy Hash: E9F1F666E39F9645E3039A3990025A4AB64AFF77C0B42D317FE5432E57E726E3868304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D834A0 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b2e5ed820d629f45fc6c260afb1c20eba209c835a15c6350902dbfac8bf639
Instruction ID: 134b1cef69e1a1381328ffdf003752e39d5cc087923f288054e5bc03f253d10a
Opcode Fuzzy Hash: 60b2e5ed820d629f45fc6c260afb1c20eba209c835a15c6350902dbfac8bf639
Instruction Fuzzy Hash: 2BF1A622E36F8988E313C63548215EAE3989FB7BC5B1DD373E91E366A5EF15A4D34100

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D77190 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8650f8caf90b363a18062986412e2212fb0d312d88800073c5a7c2cad70125e
Instruction ID: a68b87c08407182f6ee228763d4a8a9c6561557d4443a92a44aace9b81ac029d
Opcode Fuzzy Hash: d8650f8caf90b363a18062986412e2212fb0d312d88800073c5a7c2cad70125e
Instruction Fuzzy Hash: 1DF1CF2AE35BC740F343433DA813565A618AFB72C1F45D327FEA076957FB1AA3928214

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D79DE0 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a02cfd67172f175fd8c1b69b35b3f6983933762297fc90631752ab9be1bd3c9
Instruction ID: 9f5338296812389e5d17b99d651df8906f9d5fd52ab5a450b567dbccab505ce3
Opcode Fuzzy Hash: 4a02cfd67172f175fd8c1b69b35b3f6983933762297fc90631752ab9be1bd3c9
Instruction Fuzzy Hash: AEE1D92BE29BCA40F303477C6813675A714BFA76C1F059336FEA47695BFB1A62858300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D79800 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95de573dc31c0a257e444cba30faa3cd72b45e5b1a28fe7149578d967faecb0d
Instruction ID: bb916f6dd4114fc7218b15ddc5074476e6ec84e134223a4c5d2c2a3c535cf07a
Opcode Fuzzy Hash: 95de573dc31c0a257e444cba30faa3cd72b45e5b1a28fe7149578d967faecb0d
Instruction Fuzzy Hash: A9E1962BE29BCA41F303477C6813675A714BFA76C1F059326FEA476557FB2A63828300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D751D0 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771c496e040631eb5fb52144d2303884810ece4a69a631633d5406c313f1e6ed
Instruction ID: 254d7b3ea5040f3be5e7a4658ead34465466e27313932596985de390addaf099
Opcode Fuzzy Hash: 771c496e040631eb5fb52144d2303884810ece4a69a631633d5406c313f1e6ed
Instruction Fuzzy Hash: 9AC17A2BD35FD780F383563D64030A5E714AFFB5D1A54E327BEE075813BB5A62928228

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D7B0B0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92dffa16166d381f9fc7ea7c4cf62e8abebfe9ae4b201fecacb47106d821f34
Instruction ID: 550b36c982a0a802dc354ef8e3e1a181e61e489ac7ce5b2b81a771dfb516cf4b
Opcode Fuzzy Hash: c92dffa16166d381f9fc7ea7c4cf62e8abebfe9ae4b201fecacb47106d821f34
Instruction Fuzzy Hash: 7CB1C63270A68686E724DB15F86076E73A1FB84B94F505135DA6E43BDAEF3CE446C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D8DE10 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003b7e9d3a947673a8b4916ec09cfe7f2636f82eda65933d32d6b107754d9aa8
Instruction ID: 786525414d3f7f23d6dee29aa4c1828e86dbcf041ab298e37994e4aed20413ed
Opcode Fuzzy Hash: 003b7e9d3a947673a8b4916ec09cfe7f2636f82eda65933d32d6b107754d9aa8
Instruction Fuzzy Hash: 50A18362B16B9982EB50CB28D855B7D77A4FB98B48F069235DF5C47395EF38E1818300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D55800 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a231e4f623b5607e7be7b0529116ed453af7a32aba6d2fbf4618d76eb05776
Instruction ID: 59f29a0026d3195fb84471d59abc1d894959bbe91050ace768a3ef94faf64583
Opcode Fuzzy Hash: 13a231e4f623b5607e7be7b0529116ed453af7a32aba6d2fbf4618d76eb05776
Instruction Fuzzy Hash: D1A1B326D39BC740F2030B3D6513665EB246FF76C5B15E317BEA471A62FB2663D28204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D79320 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf91b26fc0883c0cbb96fcbb7618f7770f7cadea2d5e59dd139fee4ae17142c9
Instruction ID: be6f949f69714c7c52b9325d16ecd79f5ec554a441e8d484688cb6925f42bea7
Opcode Fuzzy Hash: cf91b26fc0883c0cbb96fcbb7618f7770f7cadea2d5e59dd139fee4ae17142c9
Instruction Fuzzy Hash: 4EB17E2BD39BCA81F343573D6413575A324BFEB2C1F549326BEA471867BB2A63818204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D5D5A0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0b194e39cc6da081e013d6d9db2775be4cedf03b2f574f32b1ea0367903e561
Instruction ID: a4e61a07c536a9c310c4a29897838b69403b71706d21f1dc4d4dc4357da8c8f1
Opcode Fuzzy Hash: c0b194e39cc6da081e013d6d9db2775be4cedf03b2f574f32b1ea0367903e561
Instruction Fuzzy Hash: 8B11A3B1730572029F288F3EAE18D696DC2E6C9741389A739F695C3EC9C52CD801E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D5D750 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e837ff84a994432eb76af5224bf2b941519170938f3887742bcb1a55670ad9
Instruction ID: 12e23ba01796de4c910fad0e2eb9d61e1af58c26f116d765c0390410d5d859e6
Opcode Fuzzy Hash: 17e837ff84a994432eb76af5224bf2b941519170938f3887742bcb1a55670ad9
Instruction Fuzzy Hash: 8111B2B333552707E3184D3CAD49B5D6A4283D4702BC86728F995CBBCACAACFA55C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D5D680 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 306b839035eb99f56001e18e8d9299db432a4a2f5dfbb8aa89e158be053b6984
Instruction ID: 5f70f61494b2fd63ed2f02dd7405740fa24d365edfc59bba270d73ed1202131a
Opcode Fuzzy Hash: 306b839035eb99f56001e18e8d9299db432a4a2f5dfbb8aa89e158be053b6984
Instruction Fuzzy Hash: 401184A573503907F71D452E9C58A381982D3D9742FC0923CF8CADBACAC87DD58597A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6681770 Relevance: 94.8, APIs: 53, Strings: 1, Instructions: 289memoryCOMMON

Download Yara Rule

APIs

?fromLatin1@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FFDF66817B3

Part of subcall function 00007FFDF66FF7E0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66FF806
Part of subcall function 00007FFDF66FF7E0: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66FF829
Part of subcall function 00007FFDF66FF7E0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FF83A
Part of subcall function 00007FFDF66FF7E0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FF84B

?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66817D2
??0QUrl@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66817E4
?setUserName@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF6681803
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668180D
??0QUrl@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF668184D
?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF668185E
?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE ref: 00007FFDF6681872
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668188D
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF6681897
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF66818F9
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF668190A
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681917
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681926
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681930
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668193A
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681948
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681955
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681962
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681996
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66819A0
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66819AA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66819B4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66819BE
?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFDF66819E2
Concurrency::details::stl_critical_section_win7::stl_critical_section_win7.LIBCPMT ref: 00007FFDF66819EF
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE ref: 00007FFDF6681A4E
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFDF6681A9D
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681AAE
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681ABB
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681ACA
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681AD4
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681ADE
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681AEC
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681AF9
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6681B06
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B3A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B44
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B4E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B58
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B62
?userName@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDF6681B85
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF6681B8E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681B9B
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BAA
?setUserName@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF6681BBD
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BC7
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BD1
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BE0
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BEA
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF6681BF4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681BFE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6681C08

Strings

auth:, xrefs: 00007FFDF668181B

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$V0@@$Url@@$Array@@Byte$?setArrayFlags@FormattingMode@1@@Name@Option@Parsing$??8@ComponentData@@String@@0@User$?allocate@?from?lock@?shared?unlock@?userA@$$AllocationConcurrency::details::stl_critical_section_win7::stl_critical_section_win7Data@@@@@Empty@Encoded@Fragment@Latin1@Locker@@MutexMutex@@Null@Option@2@@@@U1@_Url@@@@@
String ID: auth:
API String ID: 2027866523-104923615
Opcode ID: c44e107942be7dcd736d753c68fa18cdfdbb766ea192bae722249f55be891922
Instruction ID: 332595c528e034d4ddd9bfb9a9faee7cc0e3559468c85f5cc22fc1cb93656d3f
Opcode Fuzzy Hash: c44e107942be7dcd736d753c68fa18cdfdbb766ea192bae722249f55be891922
Instruction Fuzzy Hash: BAE11B26B089479AEB10DB75D4749AC7339FF54748B804271C92E17EACEF78E94AC780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66A3830 Relevance: 75.4, APIs: 27, Strings: 16, Instructions: 148COMMON

Download Yara Rule

APIs

??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF66A360A), ref: 00007FFDF66A3848
??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFDF66A3864

Part of subcall function 00007FFDF6715100: ??0QObject@@IEAA@AEAVQObjectPrivate@@PEAV0@@Z.QT5CORE ref: 00007FFDF671512B

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3891
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A389F
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66A38D0
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF66A38DE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A38E8
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3912
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A391C
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A393A
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A395C
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3971
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66A399A
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF66A39A7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A39B1
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A39D9
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A39E3
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3A0B
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3A15
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3A3D
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3A47
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3A6F
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3A79
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3AA1
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3AAB
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A3AD4
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A3ADE

Strings

QFtpDTP active state server, xrefs: 00007FFDF66A38AC
2connectState(int), xrefs: 00007FFDF66A3ABD
1error(QAbstractSocket::SocketError), xrefs: 00007FFDF66A3A7F
2hostFound(), xrefs: 00007FFDF66A39C3
QFtpPI_socket, xrefs: 00007FFDF66A397E
1readyRead(), xrefs: 00007FFDF66A3A4D
1setupSocket(), xrefs: 00007FFDF66A38EE
1connected(), xrefs: 00007FFDF66A39E9
2readyRead(), xrefs: 00007FFDF66A3A59
1connectionClosed(), xrefs: 00007FFDF66A3A1B
2error(QAbstractSocket::SocketError), xrefs: 00007FFDF66A3A8B
2newConnection(), xrefs: 00007FFDF66A38FA
1hostFound(), xrefs: 00007FFDF66A39B7
2connected(), xrefs: 00007FFDF66A39F5
1dtpConnectState(int), xrefs: 00007FFDF66A3AB1
2disconnected(), xrefs: 00007FFDF66A3A27

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$String@@$?connect@ConnectionQt@@@Type@$String@@@$ObjectV0@@$?setLatin1Name@$Private@@
String ID: 1connected()$1connectionClosed()$1dtpConnectState(int)$1error(QAbstractSocket::SocketError)$1hostFound()$1readyRead()$1setupSocket()$2connectState(int)$2connected()$2disconnected()$2error(QAbstractSocket::SocketError)$2hostFound()$2newConnection()$2readyRead()$QFtpDTP active state server$QFtpPI_socket
API String ID: 1287429056-2602667496
Opcode ID: f06bf243582f526bec42ffb9ec50d5808d4a861e13b29192c42f8b76b52ff29c
Instruction ID: 0ea7b93fb2302413eba5ff419d1a652e5071557176251c2f51bf06348710d9d2
Opcode Fuzzy Hash: f06bf243582f526bec42ffb9ec50d5808d4a861e13b29192c42f8b76b52ff29c
Instruction Fuzzy Hash: D8812372708B4696EB10CF65E8644E97378FB48748B400236DB9E52E78EF7CD68AC744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFF2E60 Relevance: 66.7, APIs: 33, Strings: 5, Instructions: 170threadwindowCOMMON

Download Yara Rule

APIs

?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFF2E9F
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FF60CFF2EC3
?question@QMessageBox@@SA?AW4StandardButton@1@PEAVQWidget@@AEBVQString@@1V?$QFlags@W4StandardButton@QMessageBox@@@@W421@@Z.QT5WIDGETS ref: 00007FF60CFF2EE3
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF2EEF
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF2EFA
?isRunning@QThread@@QEBA_NXZ.QT5CORE ref: 00007FF60CFF2F22
?isRunning@QThread@@QEBA_NXZ.QT5CORE ref: 00007FF60CFF2F3C
?close@QWidget@@QEAA_NXZ.QT5WIDGETS ref: 00007FF60CFF2F59
?hide@QWidget@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFF2F6B
?hide@QWidget@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFF2F7D
?hide@QWidget@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFF2F9B
?hide@QWidget@@QEAAXXZ.QT5WIDGETS ref: 00007FF60CFF2FAD
?close@QSqlDatabase@@QEAAXXZ.QT5SQL ref: 00007FF60CFF2FD6
?currentText@QComboBox@@QEBA?AVQString@@XZ.QT5WIDGETS ref: 00007FF60CFF2FFA
??0QVariant@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FF60CFF3008
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF301B
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE ref: 00007FF60CFF3031
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF303C
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF3047
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF3052
?isChecked@QAbstractButton@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60CFF3066
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FF60CFF3073
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF3086
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE ref: 00007FF60CFF309C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF30A7
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF30B2
?currentIndex@QTabWidget@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFF30C3
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FF60CFF30CF
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFF30E2
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE ref: 00007FF60CFF30F8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFF3103
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFF310E
?isChecked@QAbstractButton@@QEBA_NXZ.QT5WIDGETS ref: 00007FF60CFF3122

Strings

tab_index, xrefs: 00007FF60CFF30DB
selectedProxyServer, xrefs: 00007FF60CFF3014
autoconnect_proxy, xrefs: 00007FF60CFF307F
Are you sure?, xrefs: 00007FF60CFF2E8D
Quit, xrefs: 00007FF60CFF2EB1

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Widget@@$Variant@@$?hide@$?from?setArrayAscii_helper@Data@Settings@@TypedValue@Variant@@@$?close@?current?tr@AbstractBox@@Button@@Checked@MessageMetaObject@@Running@StandardThread@@$?question@Box@@@@Button@Button@1@ComboDatabase@@Flags@Index@String@@1String@@@Text@W421@@
String ID: Are you sure?$Quit$autoconnect_proxy$selectedProxyServer$tab_index
API String ID: 2651110133-1171995914
Opcode ID: 48c760900252c9a2d18a90f3b55bdf4bcd8f96fd5b9ffe911a8ce629e7de49d1
Instruction ID: ead5cf36204d568edd1f15bebede96ee4f19844871bd3908ef6996e576a9bd0b
Opcode Fuzzy Hash: 48c760900252c9a2d18a90f3b55bdf4bcd8f96fd5b9ffe911a8ce629e7de49d1
Instruction Fuzzy Hash: 35814032A05A4296EB14DF21E8542FC2330FF85B59F611231DA9F936A4EF7CE559C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6687800 Relevance: 64.9, APIs: 27, Strings: 10, Instructions: 180windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6693F40: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF6686364), ref: 00007FFDF6693FAA

?isValid@QVariant@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668783B
??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687848
??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668786C
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668787A
?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687887
??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687898
??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66878E1
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66878F2
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687900
?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687911
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668791B
?begin@QByteArray@@QEAAPEADXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687928
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687950
?cend@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668795C
?resize@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF668799F
??0QVariant@@QEAA@AEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66879AD
??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66879C4
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66879CE
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF66879F0
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A1A
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A33
?isReadable@QIODevice@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A47
?isOpen@QIODevice@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A59
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A81
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687A9C
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687AAC
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF66875E4), ref: 00007FFDF6687AB6

Strings

alternative, xrefs: 00007FFDF66878C4
mixed, xrefs: 00007FFDF66878BB
; boundary=", xrefs: 00007FFDF6687931
1.0, xrefs: 00007FFDF6687A0F
could not open device for reading, xrefs: 00007FFDF6687A87
related, xrefs: 00007FFDF66878D6
multipart/, xrefs: 00007FFDF668788D
form-data, xrefs: 00007FFDF66878CD
MIME-Version, xrefs: 00007FFDF66879E5
device is not readable, xrefs: 00007FFDF6687AA2

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$String@@$Variant@@$?size@$Logger@@Message$?reserve@Device@@$?begin@?cend@?const?resize@?warning@Array@@@Char@@Data@Open@Readable@V0@@Valid@
String ID: 1.0$; boundary="$MIME-Version$alternative$could not open device for reading$device is not readable$form-data$mixed$multipart/$related
API String ID: 2288370592-1383949304
Opcode ID: c62fdd8d719d8a98891568727c068f6179c777c8b1e49003ebe5d797a25005cb
Instruction ID: ba3595aaa05d26046b77fc0a8063749fe029e3ad486703393ecb86c8119e58c2
Opcode Fuzzy Hash: c62fdd8d719d8a98891568727c068f6179c777c8b1e49003ebe5d797a25005cb
Instruction Fuzzy Hash: 3F816222B08A4695EB10DF34D8749B83B64FF45B98B4452B1D92E43E9CEF3CD94AC740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66A7790 Relevance: 59.8, APIs: 30, Strings: 4, Instructions: 302COMMON

Download Yara Rule

APIs

?isNull@QByteArray@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A77D3
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66A780F
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A78A3
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A78B7
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A78C4
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A78D9
?isNull@QByteArray@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A78E2
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7982
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A798F
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7968

Part of subcall function 00007FFDF66A6DF0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6E10
Part of subcall function 00007FFDF66A6DF0: ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF66A6E24
Part of subcall function 00007FFDF66A6DF0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6E30
Part of subcall function 00007FFDF66A6DF0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6E42
Part of subcall function 00007FFDF66A6DF0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A6E67
Part of subcall function 00007FFDF66A6DF0: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6E82
Part of subcall function 00007FFDF66A6DF0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6E8E
Part of subcall function 00007FFDF66A6DF0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A6EB6
Part of subcall function 00007FFDF66A6DF0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A6F07
Part of subcall function 00007FFDF66A6DF0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66A6F15
Part of subcall function 00007FFDF66A6DF0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A6F1E

?isNull@QByteArray@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A79AA
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66A79E0
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A79F4
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7A76
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7A87
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A7A94
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7AA6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7AB9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7ACB
?isNull@QByteArray@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A7AD4
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66A7B07
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7B1B
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7BA9
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66A7BBA
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF66A7BC7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7BD9
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7BEB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7BFB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A7CB7
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66A7CC5

Part of subcall function 00007FFDF66A3D90: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66A3DCC
Part of subcall function 00007FFDF66A3D90: ??0QString@@QEAA@HW4Initialization@Qt@@@Z.QT5CORE ref: 00007FFDF66A3DE2
Part of subcall function 00007FFDF66A3D90: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66A3DEB
Part of subcall function 00007FFDF66A3D90: ?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z.QT5CORE ref: 00007FFDF66A3E10
Part of subcall function 00007FFDF66A3D90: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66A3E24
Part of subcall function 00007FFDF66A3D90: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66A3E34
Part of subcall function 00007FFDF66A3D90: memcpy.VCRUNTIME140 ref: 00007FFDF66A3E43
Part of subcall function 00007FFDF66A3D90: ?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z.QT5CORE ref: 00007FFDF66A3E61

Strings

USER , xrefs: 00007FFDF66A782C, 00007FFDF66A79FE
anonymous, xrefs: 00007FFDF66A77D9
anonymous@, xrefs: 00007FFDF66A7AE6
PASS , xrefs: 00007FFDF66A78FF, 00007FFDF66A7B2A

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@Byte$Data@@List$V0@@$?begin@Latin1$?append@Null@$?append?const?dispose@?size@AbstractChar@@Char@@@Concatenable@@Data@Data@1@@Qt@@@String@@@$?compare@?detach_grow@?end@CaseData@1@Initialization@Sensitivity@memcpy
String ID: PASS $USER $anonymous$anonymous@
API String ID: 38148645-4189793654
Opcode ID: 5b173e4a530d8b213f033df47d33988da5fdd27c021bc82ab8ce30158badd24a
Instruction ID: a28af2ac5fdae146fc6fc1d74c3be5df0b8601109c67d15ec183c22219701530
Opcode Fuzzy Hash: 5b173e4a530d8b213f033df47d33988da5fdd27c021bc82ab8ce30158badd24a
Instruction Fuzzy Hash: 35F15D36B08B8299EB20CF24E8606ED3768FB44758F504275DA5E4BED8EF38D549C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67277F0 Relevance: 56.2, APIs: 31, Strings: 1, Instructions: 195COMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6727801
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF6727818
?at@QByteArray@@QEBADH@Z.QT5CORE ref: 00007FFDF672784E
?number@QByteArray@@SA?AV1@HH@Z.QT5CORE ref: 00007FFDF6727874
?number@QByteArray@@SA?AV1@HH@Z.QT5CORE ref: 00007FFDF672788A
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF6727896
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67278A3
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67278AF
?reserve@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF67278BE
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67278C7
?begin@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FFDF67278D3
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF67278DF
?cend@QByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF67278EB
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF6727931
?cend@QByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF672793D
?resize@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF672797B
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6727986
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6727991
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67279A3
?at@QByteArray@@QEBADH@Z.QT5CORE ref: 00007FFDF67279B8
?number@QByteArray@@SA?AV1@IH@Z.QT5CORE ref: 00007FFDF67279E2
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67279EE
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67279FB
?reserve@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF6727A0A
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF6727A13
?begin@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FFDF6727A1F
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF6727A31
?cend@QByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF6727A3D
?resize@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF6727A7B
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6727A86
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF6727A95

Strings

., xrefs: 00007FFDF6727849

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$String@@$?size@$?cend@?const?number@Char@@Data@$?at@?begin@?reserve@?resize@$Empty@
String ID: .
API String ID: 3525849219-248832578
Opcode ID: 94a8118facfa0cd032cb76fafd43ce0091dd01613cf08f42040975f000bfc8d1
Instruction ID: a380f4a92a8ce6d6bb290e402b97579a652aef92ea7c979f87aa7fd5abb4e418
Opcode Fuzzy Hash: 94a8118facfa0cd032cb76fafd43ce0091dd01613cf08f42040975f000bfc8d1
Instruction Fuzzy Hash: 97717F21B0C7868AEB049F25A83853977A5BB86BC5F444270CE5F03F98EF7CD94A8704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66D56C0 Relevance: 50.9, APIs: 27, Strings: 2, Instructions: 175COMMON

Download Yara Rule

APIs

?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF66D56E0
?reserve@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF66D56F2
?read@QIODevice@@QEAA_JPEAD_J@Z.QT5CORE ref: 00007FFDF66D571E
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66D5743
?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE ref: 00007FFDF66D576F
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66D5778
?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF66D578D
?clear@QByteArray@@QEAAXXZ.QT5CORE ref: 00007FFDF66D57B8

Strings

HTTP/, xrefs: 00007FFDF66D5806
HTTP/, xrefs: 00007FFDF66D5783

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$String@@$?size@$?append@?clear@?read@?reserve@?startsDevice@@Empty@With@
String ID: HTTP/$HTTP/
API String ID: 378662063-1049685889
Opcode ID: b9a08e5c9eac85c8446db2f5a7ad2771d4ec4da3678440d996bb36ba7e239436
Instruction ID: 6f36fa08af97c2b4ece7356c836684eca8cfaf016975e85904970519c5a1a1d0
Opcode Fuzzy Hash: b9a08e5c9eac85c8446db2f5a7ad2771d4ec4da3678440d996bb36ba7e239436
Instruction Fuzzy Hash: 8461B722B0864286FB209F25E874B793365EF41BA5F545175CD6E06ED8EF3CE88AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6735700 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 130COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735720
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735734
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735748
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF673575C
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735770
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735784
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6735798
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF67357AC
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF67357C0

Part of subcall function 00007FFDF6730E20: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730E5F
Part of subcall function 00007FFDF6730E20: ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF6730E76
Part of subcall function 00007FFDF6730E20: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730E82
Part of subcall function 00007FFDF6730E20: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730E94
Part of subcall function 00007FFDF6730E20: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6730EB7
Part of subcall function 00007FFDF6730E20: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730ED2
Part of subcall function 00007FFDF6730E20: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730EDE
Part of subcall function 00007FFDF6730E20: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6730F06
Part of subcall function 00007FFDF6730E20: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6730F59
Part of subcall function 00007FFDF6730E20: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF6730F67
Part of subcall function 00007FFDF6730E20: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730F70
Part of subcall function 00007FFDF6730E20: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6730F82

Part of subcall function 00007FFDF6730E20: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6730FA8
Part of subcall function 00007FFDF6730E20: ?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF6730FB1

??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6735897
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF67358A5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358B9
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358C3
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358CD
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358D7
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358E1
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358EB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358F5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67358FF
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6735909

Strings

/etc/ssl/, xrefs: 00007FFDF673570F
/etc/ssl/certs/, xrefs: 00007FFDF67357B5
/usr/local/ssl/, xrefs: 00007FFDF6735779
/opt/openssl/certs/, xrefs: 00007FFDF6735729
/etc/openssl/certs/, xrefs: 00007FFDF673573D
/usr/share/ssl/, xrefs: 00007FFDF673578D
/var/ssl/certs/, xrefs: 00007FFDF6735765
/usr/lib/ssl/certs/, xrefs: 00007FFDF67357A1
/usr/local/ssl/certs/, xrefs: 00007FFDF6735751

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$Data@@List$?begin@$V0@@$?dispose@Data@1@@$?append@?detach_grow@?end@Data@1@
String ID: /etc/openssl/certs/$/etc/ssl/$/etc/ssl/certs/$/opt/openssl/certs/$/usr/lib/ssl/certs/$/usr/local/ssl/$/usr/local/ssl/certs/$/usr/share/ssl/$/var/ssl/certs/
API String ID: 343098008-1513479150
Opcode ID: 3c8d9e43ba82f16890952a124e7e40704255db64f5ef72055e51a91a95f569a6
Instruction ID: 692e8667de04b4e38e884b88aea204a00c8c9e980c04248ab649318c6497145e
Opcode Fuzzy Hash: 3c8d9e43ba82f16890952a124e7e40704255db64f5ef72055e51a91a95f569a6
Instruction Fuzzy Hash: A0510222B18A1695EB10EF65D8718F93325FF44B89B501135D91E07EACFF6CD98AC340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66A979E Relevance: 42.1, APIs: 13, Strings: 11, Instructions: 80COMMON

Download Yara Rule

APIs

??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66A97D0
?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF66A97DE
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66A97E8
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A9812
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A981C
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A9844
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A984E
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A9876
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A9880
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A98A8
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A98B2
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66A98DA
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66A98E4

Part of subcall function 00007FFDF6715820: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF6715835
Part of subcall function 00007FFDF6715820: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF6715847
Part of subcall function 00007FFDF6715820: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158AD
Part of subcall function 00007FFDF6715820: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158CA
Part of subcall function 00007FFDF6715820: ?deleteLater@QObject@@QEAAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158EC

Strings

1socketError(QAbstractSocket::SocketError), xrefs: 00007FFDF66A9858
1socketReadyRead(), xrefs: 00007FFDF66A9826
2connected(), xrefs: 00007FFDF66A97FB
2bytesWritten(qint64), xrefs: 00007FFDF66A98C7
QFtpDTP Active state socket, xrefs: 00007FFDF66A97BC
1socketBytesWritten(qint64), xrefs: 00007FFDF66A98BC
2readyRead(), xrefs: 00007FFDF66A9831
1socketConnected(), xrefs: 00007FFDF66A97F2
1socketConnectionClosed(), xrefs: 00007FFDF66A988A
2error(QAbstractSocket::SocketError), xrefs: 00007FFDF66A9863
2disconnected(), xrefs: 00007FFDF66A9895

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionQt@@@Type@$Data@@List$?dispose@Data@1@@String@@String@@@$?begin@?delete?end@?setLater@Latin1Name@Object
String ID: 1socketBytesWritten(qint64)$1socketConnected()$1socketConnectionClosed()$1socketError(QAbstractSocket::SocketError)$1socketReadyRead()$2bytesWritten(qint64)$2connected()$2disconnected()$2error(QAbstractSocket::SocketError)$2readyRead()$QFtpDTP Active state socket
API String ID: 913286721-2328112770
Opcode ID: ced64c1eeb317e209d335217329a4daa5e92d5650e10a7b6c821b52e00594725
Instruction ID: e7bec81176cc43aa8378a84fe08afb1cb50795ed20eba33217d14b34e7aac6af
Opcode Fuzzy Hash: ced64c1eeb317e209d335217329a4daa5e92d5650e10a7b6c821b52e00594725
Instruction Fuzzy Hash: CE41E072B08B16D6EB10CF65E9648AC3374FB48748B500176DA5E53EACEF38D69AC740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6717520 Relevance: 40.7, APIs: 27, Instructions: 213timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6714530: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF671454F
Part of subcall function 00007FFDF6714530: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF671455F

??0QByteArray@@QEAA@HD@Z.QT5CORE ref: 00007FFDF67175AA
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF67175B4
?begin@QByteArray@@QEAAPEADXZ.QT5CORE ref: 00007FFDF67175C1

Part of subcall function 00007FFDF6714810: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF6714841
Part of subcall function 00007FFDF6714810: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF6714851

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67175ED
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF6717618
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF6717625
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6717638

Part of subcall function 00007FFDF66F7970: ??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F798D
Part of subcall function 00007FFDF66F7970: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFDF67307A7,?,?,?,00007FFDF6746CBE,?,?,00000000,00007FFDF6730752), ref: 00007FFDF66F7997

Part of subcall function 00007FFDF671A170: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF6719F52), ref: 00007FFDF671A1A0
Part of subcall function 00007FFDF671A170: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF6719F52), ref: 00007FFDF671A1B6
Part of subcall function 00007FFDF671A170: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF6719F52), ref: 00007FFDF671A1D5
Part of subcall function 00007FFDF671A170: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFDF6719F52), ref: 00007FFDF671A24C

?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF671768D
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF67176A4
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF67176B1
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67176BB
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF67176E9
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF67176FF
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671770B
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671771C

Part of subcall function 00007FFDF67199F0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6719A37

?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671773E
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671774A
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6717776
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF67177CE

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF67177DE
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF67177FB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6717826
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6717830
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF671783A
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF671789E
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67178A8
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67178B2

Part of subcall function 00007FFDF67147B0: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF67147CF
Part of subcall function 00007FFDF67147B0: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF67147DF

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$String@@$Data@@$List$?begin@?size@Logger@@Message$V0@@$?warning@$?constChar@@Data@$?append@?detach_grow@?end@Data@1@DateSharedTime@@V0@$$malloc
String ID:
API String ID: 3322277849-0
Opcode ID: c0e21c67cf75e3fe747dcf8ff38d2e88b10c5282d4ae763abdd20a76f918ed55
Instruction ID: ef8066f0e41586cb7729df301ae551463cea71c1942b594e2925035273b66274
Opcode Fuzzy Hash: c0e21c67cf75e3fe747dcf8ff38d2e88b10c5282d4ae763abdd20a76f918ed55
Instruction Fuzzy Hash: 7CA14C26B08A4296EB10DF25E4746BD7364FB84B88F404572DA6E43EE9EF38D54AC300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668D840 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6696840: ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF6685F0E), ref: 00007FFDF6696853

?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF668D894
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF668D8A4
?isLocalFile@QUrl@@QEBA_NXZ.QT5CORE ref: 00007FFDF668D8B2
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668D8C6
?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF668D8FC
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF668D905
?authority@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFDF668D91F
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF668D928
?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFDF668D93F
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF668D948
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668D967
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668D979
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668D98C
?toString@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE ref: 00007FFDF668D9A9
??0QFileInfo@@QEAA@AEBVQString@@@Z.QT5CORE ref: 00007FFDF668D9B6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668D9C0
?exists@QFileInfo@@QEBA_NXZ.QT5CORE ref: 00007FFDF668D9CA
?dir@QFileInfo@@QEBA?AVQDir@@XZ.QT5CORE ref: 00007FFDF668D9E5
?exists@QDir@@QEBA_NXZ.QT5CORE ref: 00007FFDF668D9EE
??1QDir@@QEAA@XZ.QT5CORE ref: 00007FFDF668DA09
??1QFileInfo@@QEAA@XZ.QT5CORE ref: 00007FFDF668DA2D
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF668DA3C

Strings

qrc, xrefs: 00007FFDF668D871

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Url@@$FileInfo@@$?scheme@Dir@@Formatting$?exists@ComponentEmpty@Flags@Option@$?authority@?compare@?dir@?size@CaseFile@Latin1LocalOption@2@@@@Qt@@@Sensitivity@String@String@@@Url@@@@@V0@@
String ID: qrc
API String ID: 3580839574-1673588963
Opcode ID: 1de6d75ad68d28835c68548db97a6485371a92565bbd6b5c457c82351fa25ace
Instruction ID: 5b94535de96610024341dc38e67bfa6ffc5c3049f6fff34a2f6296ef91149167
Opcode Fuzzy Hash: 1de6d75ad68d28835c68548db97a6485371a92565bbd6b5c457c82351fa25ace
Instruction Fuzzy Hash: EB515C22B08A1295FB009F74D874AB83378EF44798F405675D92E52EECEF2CD98AC750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6695660 Relevance: 37.7, APIs: 25, Instructions: 186COMMON

Download Yara Rule

APIs

?size@QListData@@QEBAHXZ.QT5CORE(00000000,?,00000001,?,00007FFDF6695655,?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF669567D
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66956A2
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66956B0
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66956BC
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66956C8
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66956E7
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF6695737
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF6695745
?realloc@QListData@@QEAAXH@Z.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF669574F
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF6695758
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF6695764
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66957A2
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF66957B9
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66957C5
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66957D7
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66957F7
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6695819
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6695825
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6695846
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6695897
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66958A5
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66958AE
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66958C2
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66958CF
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66E2CA9), ref: 00007FFDF66958D8

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$Array@@Byte$V0@@$?end@$?dispose@Data@1@Data@1@@$?append@?detach@?detach_grow@?realloc@?size@
String ID:
API String ID: 1400189274-0
Opcode ID: e9ac4835167f14f2809d85a976cf1b8148f66709bfbe63671945405eae455789
Instruction ID: 6e8be50b5e310fde0b24725c7538d6e948b712919e52bb525e16e5dc2e45e68e
Opcode Fuzzy Hash: e9ac4835167f14f2809d85a976cf1b8148f66709bfbe63671945405eae455789
Instruction Fuzzy Hash: A2719D26F19A1686EB109F15A8649793368FB45F95B444271CE2E47FECEF3CE886C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66AD6D0 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 122COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66AD6F7
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66AD705
?compare@QByteArray@@QEBAHPEBDW4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66AD730
?toLongLong@QByteArray@@QEBA_JPEA_NH@Z.QT5CORE ref: 00007FFDF66AD744
?compare@QByteArray@@QEBAHPEBDW4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66AD766
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66AD779
?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF66AD78B
?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF66AD7A1
?endsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF66AD7BB
?endsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF66AD7D1
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66AD7E7
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66AD861
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66AD86A
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66AD885
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66AD8A7

Strings

text/, xrefs: 00007FFDF66AD77F
content-type, xrefs: 00007FFDF66AD75C
javascript, xrefs: 00007FFDF66AD7AF
application/, xrefs: 00007FFDF66AD795
content-length, xrefs: 00007FFDF66AD723
ecmascript, xrefs: 00007FFDF66AD7C5

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$With@$Data@@List$?compare@?ends?startsCaseQt@@@Sensitivity@$?begin@?dispose@?end@Data@1@@LongLong@V0@@
String ID: application/$content-length$content-type$ecmascript$javascript$text/
API String ID: 3071422044-756080929
Opcode ID: 9c8a501be1b093545f216e3dfcc28588d1417148850f328270932dcaa4ab4f7c
Instruction ID: 7a59b3ee538010ed4ab0c0dac4e370a44ba0d64a6965da08631a20f2c47972da
Opcode Fuzzy Hash: 9c8a501be1b093545f216e3dfcc28588d1417148850f328270932dcaa4ab4f7c
Instruction Fuzzy Hash: 80518122B0894291EB10DF15E474AB97378EF85B94F941171DA6D07DE8EF2DE84AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66857A0 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66857CD
?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF66857E0
?setPort@QUrl@@QEAAXH@Z.QT5CORE ref: 00007FFDF66857EC
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF6685815
?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF6685823
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668582D

Part of subcall function 00007FFDF6692C20: ??0QSharedData@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF6696996), ref: 00007FFDF6692C45
Part of subcall function 00007FFDF6692C20: ??0QBasicMutex@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF6696996), ref: 00007FFDF6692C80
Part of subcall function 00007FFDF6692C20: ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,00000000), ref: 00007FFDF6692CCE

??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6685891
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66858F8
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF6685906
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6685910
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FFDF6685929
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF6685958

Part of subcall function 00007FFDF6685A70: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685A8B
Part of subcall function 00007FFDF6685A70: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685A97
Part of subcall function 00007FFDF6685A70: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685AB3
Part of subcall function 00007FFDF6685A70: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685ABE
Part of subcall function 00007FFDF6685A70: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685ACB
Part of subcall function 00007FFDF6685A70: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685AD7
Part of subcall function 00007FFDF6685A70: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685AE3
Part of subcall function 00007FFDF6685A70: memcmp.VCRUNTIME140(?,?,?,00007FFDF66858AF), ref: 00007FFDF6685AF2

??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66859C7
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66859D5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66859DF
??0QVariant@@QEAA@_N@Z.QT5CORE ref: 00007FFDF66859F0
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6685A0C
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF6685A44

Strings

preconnect-https, xrefs: 00007FFDF66857F2
spdy/3, xrefs: 00007FFDF668594D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@Byte$Data@@Url@@$List$?set?size@Variant@@$?const?dispose@BasicChar@@Data@Data@1@@Mutex@@String@@@$?begin@?end@Host@Latin1Mode@1@@ParsingPort@Scheme@SharedV0@@memcmp
String ID: preconnect-https$spdy/3
API String ID: 2419606996-1821861327
Opcode ID: ce5eb206166f7991eaf31f39ad989bd0dda4e83f1fa2a1e98cdab017a5dd70e5
Instruction ID: 9ad56ad8e3bf150555f810c772cb77ee3b4997d11055e1254a349e0eac3d9de3
Opcode Fuzzy Hash: ce5eb206166f7991eaf31f39ad989bd0dda4e83f1fa2a1e98cdab017a5dd70e5
Instruction Fuzzy Hash: D8814B22B0894299EB50DF35E4A0AFD3365EF90758F844172DE1E13D9CEE38E90AC740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6727500 Relevance: 34.7, APIs: 23, Instructions: 210memoryCOMMON

Download Yara Rule

APIs

?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6727563
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6727577

Part of subcall function 00007FFDF67272D0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67272F0

?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF672759E
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF67275AA
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67275DC
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF67275EC
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67275F7
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE ref: 00007FFDF6727616
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6727626
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF672763B
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6727647
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF672765A
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6727685
memcpy.VCRUNTIME140 ref: 00007FFDF67276A6
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF67276BA
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF67276CE
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF67276F5
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF672771C
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF672772C
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6727737
?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFDF6727740
?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFDF672776B
?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE ref: 00007FFDF67277BD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array$Data@@$?data@$Array@@Byte$V0@@$String@@U1@_$?allocate@?deallocate@?sharedAllocationData@@@@@Flags@Null@Option@memcpy
String ID:
API String ID: 3796595600-0
Opcode ID: 029e8bbf3a7c3cf4d02fc658622c3b2109aa8bc900f98d99ad34ee1e876812a7
Instruction ID: fb9e4af57a9b4ce9a0475805f9d88a60931d7ff0ce6c5a0b73fecb5a6da8084d
Opcode Fuzzy Hash: 029e8bbf3a7c3cf4d02fc658622c3b2109aa8bc900f98d99ad34ee1e876812a7
Instruction Fuzzy Hash: 69815062B0968286EB10DF15E6749B973A4FB45F95B094231CE2E47F98EF3CE846C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66BD7C0 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 140COMMON

Download Yara Rule

APIs

?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFDF66BD821
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFDF66BD864
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFDF66BD8B1
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z.QT5CORE ref: 00007FFDF66BD8C6
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66BD8D1
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66BD900
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66BD90E
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66BD982
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66BD98D
??0QVariant@@QEAA@H@Z.QT5CORE ref: 00007FFDF66BD99A
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z.QT5CORE ref: 00007FFDF66BD9AF
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF66BD9BA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66BD9ED

Strings

HTTP2StreamID, xrefs: 00007FFDF66BD8BF, 00007FFDF66BD9A8
1_q_uploadDataReadyRead(), xrefs: 00007FFDF66BD95C
2destroyed(QObject*), xrefs: 00007FFDF66BD8EE
2readyRead(), xrefs: 00007FFDF66BD973
1_q_replyDestroyed(QObject*), xrefs: 00007FFDF66BD8D7

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@MetaVariant@@$?connect@?get?setConnectionCountData@ExternalObject@@@Pointer@@Property@Qt@@@Ref@SharedType@U12@Variant@@@$String@@
String ID: 1_q_replyDestroyed(QObject*)$1_q_uploadDataReadyRead()$2destroyed(QObject*)$2readyRead()$HTTP2StreamID
API String ID: 334285360-237629884
Opcode ID: 6a62c076009e8dd64c6f75dce9c84cb38b34fa5427d97740aa1b2be1f3c68640
Instruction ID: f865060d4d12ebd17090bc7ea9ab9b9710ccb1d99f2a0c733b2102aaf35e1d7d
Opcode Fuzzy Hash: 6a62c076009e8dd64c6f75dce9c84cb38b34fa5427d97740aa1b2be1f3c68640
Instruction Fuzzy Hash: E4618232718A8696D714DF21E860BAE7368FB84B54F444135DA6D47E9CEF3CD94ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668F770 Relevance: 31.6, APIs: 21, Instructions: 104timeCOMMON

Download Yara Rule

APIs

?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF668F798

Part of subcall function 00007FFDF668F910: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF668F7AB), ref: 00007FFDF668F924
Part of subcall function 00007FFDF668F910: ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,00007FFDF668F7AB), ref: 00007FFDF668F945
Part of subcall function 00007FFDF668F910: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF668F7AB), ref: 00007FFDF668F95A

?indexOf@QByteArray@@QEBAHDH@Z.QT5CORE ref: 00007FFDF668F7B6
?indexOf@QByteArray@@QEBAHDH@Z.QT5CORE ref: 00007FFDF668F7CB
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668F7E5
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668F7F3
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF668F7FF
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF668F80C
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F817
?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE ref: 00007FFDF668F83A
?trimmed@QByteArray@@QEHAA?AV1@XZ.QT5CORE ref: 00007FFDF668F848
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F853
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF668F85E
?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE ref: 00007FFDF668F87E
?trimmed@QByteArray@@QEHAA?AV1@XZ.QT5CORE ref: 00007FFDF668F88C
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF668F89A
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F8A5
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F8B0
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF668F8C1
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF668F8D0
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F8DB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668F8E6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$String@@$V0@@$?size@$?index?mid@?trimmed@$?at@DateTime@@V0@$$
String ID:
API String ID: 2136887296-0
Opcode ID: 350fba93a85a3b3bd586205a24f5351de2b50aa0372b9882eb9cc7058acaaacc
Instruction ID: d3b71fb0f5898db9e87ac362ef38a2d6df73512f5694596f7bd2e7a09c01c14e
Opcode Fuzzy Hash: 350fba93a85a3b3bd586205a24f5351de2b50aa0372b9882eb9cc7058acaaacc
Instruction Fuzzy Hash: DB412D32718A4396EB10DF26E8748697774FF84B84B405171DA5E43EA8EF7CD94ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668D6B0 Relevance: 30.2, APIs: 20, Instructions: 172timeCOMMON

Download Yara Rule

APIs

?isOpen@QIODevice@@QEBA_NXZ.QT5CORE ref: 00007FFDF6699302
?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FFDF6699356
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF6699370
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF669939B
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66993AB
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66993B8
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66993CA
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66993D6
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66993E1
?at@QListData@@QEBAPEAPEAXH@Z.QT5CORE ref: 00007FFDF6699409
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF669941E
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF669942A
?write@QIODevice@@QEAA_JPEBD_J@Z.QT5CORE ref: 00007FFDF669943D
?append@QRingBuffer@@QEAAXAEBVQByteArray@@@Z.QT5CORE ref: 00007FFDF669944D
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF6699456
?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FFDF6699468
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66994CA
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66994D8
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6699527
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF6699535

Part of subcall function 00007FFDF669A530: ?toInt@QVariant@@QEBAHPEA_N@Z.QT5CORE ref: 00007FFDF669A557
Part of subcall function 00007FFDF669A530: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF669A563

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?size@ByteString@@$Array@@$?const?dispose@Char@@Data@Data@1@@Device@@Variant@@$?append@?at@?begin@?write@Array@@@Buffer@@DateEmpty@Int@Open@RingTime@@V0@$$V0@@
String ID:
API String ID: 236719278-0
Opcode ID: f1497239347153833c791ae8080fc6c9f60b9718698e65bb3f8e13987b76f10a
Instruction ID: ce0b24b703495b85d2efa84bce46d614ad571b1b8c3e0d3cc493c6f30c4a9f9b
Opcode Fuzzy Hash: f1497239347153833c791ae8080fc6c9f60b9718698e65bb3f8e13987b76f10a
Instruction Fuzzy Hash: CA713032B09A5286E7109F21A464A7933A8FB44F89F494275DE2E43F9DDF3CE956C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6687660 Relevance: 29.8, APIs: 9, Strings: 8, Instructions: 76COMMON

Download Yara Rule

APIs

?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFDF6687684
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66876DD
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66876E8
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687711
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF668771C
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687745
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF6687750
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687779
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF6687784

Strings

2preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*), xrefs: 00007FFDF6687762
1_q_replySslErrors(QList<QSslError>), xrefs: 00007FFDF6687722
1_q_replyFinished(), xrefs: 00007FFDF66876BA
1_q_replyPreSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*), xrefs: 00007FFDF6687756
2encrypted(), xrefs: 00007FFDF66876FA
2sslErrors(QList<QSslError>), xrefs: 00007FFDF668772E
1_q_replyEncrypted(), xrefs: 00007FFDF66876EE
2finished(), xrefs: 00007FFDF66876C6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionQt@@@Type@$?getCountData@ExternalObject@@@Pointer@@Ref@SharedU12@
String ID: 1_q_replyEncrypted()$1_q_replyFinished()$1_q_replyPreSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)$1_q_replySslErrors(QList<QSslError>)$2encrypted()$2finished()$2preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)$2sslErrors(QList<QSslError>)
API String ID: 88705724-258905617
Opcode ID: 88f14113e6574b2db36c1229bf9c35dd5e1a4878f5f58fcdcc89dd9e9186a99c
Instruction ID: ff2abd32538b721e692f02565791155067623da3a93fd3cc6c45884076bd09ae
Opcode Fuzzy Hash: 88f14113e6574b2db36c1229bf9c35dd5e1a4878f5f58fcdcc89dd9e9186a99c
Instruction Fuzzy Hash: 0F317072709B4685EB509F25E9609B87768FB48B94F040271DE5D12EA8EF3CD98BC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D99D54 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 93libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FFDF5D99D7E
GetModuleHandleW.KERNEL32 ref: 00007FFDF5D99D93
GetProcAddress.KERNEL32 ref: 00007FFDF5D99DAF
GetProcAddress.KERNEL32 ref: 00007FFDF5D99DC2
GetProcAddress.KERNEL32 ref: 00007FFDF5D99DD5
CreateEventW.KERNEL32 ref: 00007FFDF5D99E4C

Part of subcall function 00007FFDF5D99D3C: _onexit.LIBCMT ref: 00007FFDF5D99D40

__scrt_fastfail.LIBCMT ref: 00007FFDF5D99E83
__scrt_fastfail.LIBCMT ref: 00007FFDF5D99E8E
__scrt_fastfail.LIBCMT ref: 00007FFDF5D99E99
DeleteCriticalSection.KERNEL32 ref: 00007FFDF5D99EAB
CloseHandle.KERNEL32 ref: 00007FFDF5D99EBD

Strings

InitializeConditionVariable, xrefs: 00007FFDF5D99DA5
kernel32.dll, xrefs: 00007FFDF5D99D8C
WakeAllConditionVariable, xrefs: 00007FFDF5D99DC8
SleepConditionVariableCS, xrefs: 00007FFDF5D99DB5
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00007FFDF5D99D77

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: AddressHandleProc__scrt_fastfail$Module$CloseCreateCriticalDeleteEventSection_onexit
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 1097833127-1714406822
Opcode ID: d02a69a7411d751e7995a2565a30ce3bf57883ae812f0cc932bd3746a903c3b9
Instruction ID: bb373a7969cbbba023b637242375ec7dbdfa04ba056e1e43b9ede83d3b5f6e8f
Opcode Fuzzy Hash: d02a69a7411d751e7995a2565a30ce3bf57883ae812f0cc932bd3746a903c3b9
Instruction Fuzzy Hash: EC414F60B0BA0E92FF14AB20EC75B752361AF46F58F944039C92E47AEDEF2DA445C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6729820 Relevance: 27.3, APIs: 18, Instructions: 285COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6744FD0: ?globalInstanceGet@QMutexPool@@SAPEAVQMutex@@PEBX@Z.QT5CORE(?,?,?,?,?,00007FFDF6729859,?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6744FE7
Part of subcall function 00007FFDF6744FD0: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,00007FFDF6729859,?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6744FFA
Part of subcall function 00007FFDF6744FD0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6729859,?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6745109
Part of subcall function 00007FFDF6744FD0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,00007FFDF6729859,?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6745117
Part of subcall function 00007FFDF6744FD0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF6729859,?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6745122

?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF67298C5
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6729917
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6729925
?isEmpty@QListData@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF672992F
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6729948
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF6728046), ref: 00007FFDF6729C15

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?dispose@Data@1@@$Array@@ByteMutex@@String@@$?global?lock@Empty@Get@InstanceMutexPool@@V0@@
String ID:
API String ID: 3050649312-0
Opcode ID: 110a1d17d103739b19caba1ecdf90705a5a52a839ab9ebf812840503f2738955
Instruction ID: a6b002267d00878349492e688cf18ccb6127a7336ea77e41c0fa20b71a698aad
Opcode Fuzzy Hash: 110a1d17d103739b19caba1ecdf90705a5a52a839ab9ebf812840503f2738955
Instruction Fuzzy Hash: 77C15B32B15A4286EB248F26D8B05B93364FB51B95B5D4235CE6E13EDDDF2DE842CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67134E0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 277timeCOMMON

Download Yara Rule

APIs

?start@QElapsedTimer@@QEAAXXZ.QT5CORE ref: 00007FFDF671355A
?property@QObject@@QEBA?AVQVariant@@PEBD@Z.QT5CORE ref: 00007FFDF671356E
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6713584
?elapsed@QElapsedTimer@@QEBA_JXZ.QT5CORE ref: 00007FFDF67137BA
?elapsed@QElapsedTimer@@QEBA_JXZ.QT5CORE ref: 00007FFDF67137C9
?qt_subtract_from_timeout@@YAHHH@Z.QT5CORE ref: 00007FFDF67137D5

Strings

Socket operation timed out, xrefs: 00007FFDF6713856
_q_networksession, xrefs: 00007FFDF6713560

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: ElapsedTimer@@$?elapsed@Variant@@$?property@?qt_subtract_from_timeout@@?start@Object@@
String ID: Socket operation timed out$_q_networksession
API String ID: 2506561869-1174360909
Opcode ID: fd903e0b572153d2b81339b0b1c725914bd444621ef3ef56afb4a5bbe2a4c517
Instruction ID: 5a0fe6ec301a4c1461ceb53e73a546bb93ebb6a419a44e353866eb88bdef1f0e
Opcode Fuzzy Hash: fd903e0b572153d2b81339b0b1c725914bd444621ef3ef56afb4a5bbe2a4c517
Instruction Fuzzy Hash: EBD15B32B08A82AAEB50DB64D470BFD3369BB40758F444176DA2D57ED9EF38E54AC340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66C3830 Relevance: 24.1, APIs: 16, Instructions: 82COMMON

Download Yara Rule

APIs

??0QBasicMutex@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3845
?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3861
?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C386D
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3878
??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3883
?authority@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38A5
?setAuthority@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38B4
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38BF
??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38CA

Part of subcall function 00007FFDF66D73C0: ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D73FB
Part of subcall function 00007FFDF66D73C0: ?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7411
Part of subcall function 00007FFDF66D73C0: ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D741A
Part of subcall function 00007FFDF66D73C0: ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7428
Part of subcall function 00007FFDF66D73C0: ?setPath@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7456
Part of subcall function 00007FFDF66D73C0: ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7461
Part of subcall function 00007FFDF66D73C0: ?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7478
Part of subcall function 00007FFDF66D73C0: ??1QUrl@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF66BCED6), ref: 00007FFDF66D7483

?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38E6
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C38F1
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C391A
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C393A
?setPath@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C394E
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3959
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFDF66C29EB), ref: 00007FFDF66C3964

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Url@@$?setFormatting$ComponentFlags@Mode@1@@Option@Parsing$?constArray@@ByteChar@@Data@Path@String@@@Url@@@@@$?authority@?path@?scheme@?size@Authority@BasicEmpty@Encoded@Latin1Mutex@@Option@2@@@@Scheme@V0@@
String ID:
API String ID: 2195264724-0
Opcode ID: 0cd64a59c2f0f74f5c35b6d1dc0dbb9947f2c86dd78968ead128553242ba7e7c
Instruction ID: 9da419f9b13c09c124187f427275164ba08a8c86c517e099572b46038c27037f
Opcode Fuzzy Hash: 0cd64a59c2f0f74f5c35b6d1dc0dbb9947f2c86dd78968ead128553242ba7e7c
Instruction Fuzzy Hash: 96318F25B0CA4282EB109B15E47442D7375FF89B81B404275DA9E03FA8EF2DD94ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66C781A Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 62timeCOMMON

Download Yara Rule

APIs

??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFDF66C7820
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FFDF66C785A
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FFDF66C7875
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66C7881
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C788B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C7895
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FFDF66C78C4
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z.QT5CORE ref: 00007FFDF66C78E0
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66C78EC
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C78F6
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C79B1

Part of subcall function 00007FFDF6711CA0: ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF6711CC0
Part of subcall function 00007FFDF6711CA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6711CD7

Strings

QHttp, xrefs: 00007FFDF66C784F, 00007FFDF66C78B9
Host %1 not found, xrefs: 00007FFDF66C7845, 00007FFDF66C78AF

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Char@@@V0@@$?arg@?translate@Application@@CoreDateTime@@V0@$$$Array@@ByteChar@@Empty@Latin1
String ID: Host %1 not found$QHttp
API String ID: 2795233775-221119264
Opcode ID: 45eaf6dbf5d154ed008c5bb623107ea4957b4c1aa8957dd0cacf6d80c5c54b45
Instruction ID: 32cf0c5d2bb318588feb13a54069c8a08f05906fedda6da54d75611377909883
Opcode Fuzzy Hash: 45eaf6dbf5d154ed008c5bb623107ea4957b4c1aa8957dd0cacf6d80c5c54b45
Instruction Fuzzy Hash: D5214622B08A1295EB108F65E8749B83774FF44B99B401272DA2D13EE8FF3CD64AC744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6693460 Relevance: 21.1, APIs: 14, Instructions: 128COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66934A4
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF66934BB
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66934C7
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66934D9

Part of subcall function 00007FFDF6687480: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF668324E,?,?,00000100,00007FFDF66939B7,?,?,?,00007FFDF6692CC4,?,?,00000000), ref: 00007FFDF66874C7
Part of subcall function 00007FFDF6687480: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF668324E,?,?,00000100,00007FFDF66939B7,?,?,?,00007FFDF6692CC4,?,?,00000000), ref: 00007FFDF66874D5

?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66934FC
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6693508
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF669353A
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6693548
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6693594
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66935B6
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66935C4

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

?append@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,?,?,?,00000000,00007FFDF669663A,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66935E5
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6694428
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6694436

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteData@@ListV0@@$?begin@$?append@?detach_grow@?end@Data@1@malloc
String ID:
API String ID: 724226085-0
Opcode ID: 78a164494fe4bcb87a644bdd67d487684fed99e45ff826bb727d26a8ec08ff0c
Instruction ID: b6e0dc490ba5fc9394ee58486d5344dd12aed2d79ee5e101783a1f2430cbe12f
Opcode Fuzzy Hash: 78a164494fe4bcb87a644bdd67d487684fed99e45ff826bb727d26a8ec08ff0c
Instruction Fuzzy Hash: 34516D32708A8682DB009B12E86456AB368FB84FD4F444576DE6D47FACDF7CD596CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D41630 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 64windowCOMMON

Download Yara Rule

APIs

?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ.QT5GUI ref: 00007FFDF5D41643
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF5D4165B
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF5D4166B
?peek@QIODevice@@QEAA?AVQByteArray@@_J@Z.QT5CORE ref: 00007FFDF5D4168C
?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF5D4169E
?endsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE ref: 00007FFDF5D416B4
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF5D416CB
?setFormat@QImageIOHandler@@QEBAXAEBVQByteArray@@@Z.QT5GUI ref: 00007FFDF5D416FC
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF5D41707

Strings

WEBP, xrefs: 00007FFDF5D416A8
QWebpHandler::canRead() called with no device, xrefs: 00007FFDF5D41664
RIFF, xrefs: 00007FFDF5D41692

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$Device@@Handler@@ImageLogger@@MessageWith@$?device@?ends?peek@?set?starts?warning@Array@@@Array@@_Format@
String ID: QWebpHandler::canRead() called with no device$RIFF$WEBP
API String ID: 4149987770-97849969
Opcode ID: 82b2134fd389eb788f26b41c6ab4919cfe8b9d93f688e279e544d08e78a84ba0
Instruction ID: f75d1111278f5da6e1faf47a237d457fee5d4ebba46f2518f882b1cf6cb35726
Opcode Fuzzy Hash: 82b2134fd389eb788f26b41c6ab4919cfe8b9d93f688e279e544d08e78a84ba0
Instruction Fuzzy Hash: 18214162B0B64A92EF109F64ED24B7963A1FB51F58F440131C56D076ECEF6CD54ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668D6C0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 56windowCOMMON

Download Yara Rule

APIs

?isOpen@QIODevice@@QEBA_NXZ.QT5CORE ref: 00007FFDF66995AC
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFDF66995D1
?critical@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF66995E1
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6699624
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF669962F
?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF669965F
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF669966A

Strings

2readChannelFinished(), xrefs: 00007FFDF669964B
1_q_copyReadyRead(), xrefs: 00007FFDF66995F7
2readyRead(), xrefs: 00007FFDF6699606
QNetworkReplyImpl: copy from QIODevice already in progress -- backend probly needs to be fixed, xrefs: 00007FFDF66995DA
1_q_copyReadChannelFinished(), xrefs: 00007FFDF669963C

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionLogger@@MessageQt@@@Type@$?critical@Device@@Open@
String ID: 1_q_copyReadChannelFinished()$1_q_copyReadyRead()$2readChannelFinished()$2readyRead()$QNetworkReplyImpl: copy from QIODevice already in progress -- backend probly needs to be fixed
API String ID: 460977959-2229069138
Opcode ID: bf819eea966a306043aba308b9c2a8e483b768d43e69c59bf8b0effabbc5a477
Instruction ID: a75b932156ade61fb95a830d8e39847c597b17b422922c85677dc5c0cd2728a2
Opcode Fuzzy Hash: bf819eea966a306043aba308b9c2a8e483b768d43e69c59bf8b0effabbc5a477
Instruction Fuzzy Hash: 80211E76B18B4681EB50CF15F460AA97369FB88B84F440275DA5D07EACDF3CE54ACB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F9760 Relevance: 19.6, APIs: 13, Instructions: 69COMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9770
?toString@QIPAddressUtils@@YAXAEAVQString@@QEAE@Z.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9796
?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F97A3
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F97C5
??0QString@@QEAA@HW4Initialization@Qt@@@Z.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F97D6
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F97E1
??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F97F1
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9802
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9811
memcpy.VCRUNTIME140(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9821
?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F982E
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9839
?toString@QIPAddressUtils@@YAXAEAVQString@@I@Z.QT5CORE(?,?,?,?,00007FFDF66AAD64), ref: 00007FFDF66F9859

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Char@@$?const?size@AddressData@String@Utils@@$?append@Char@@@Empty@Initialization@Latin1Qt@@@V1@@memcpy
String ID:
API String ID: 2572024655-0
Opcode ID: 99a09543e94087cd81ea9d41cd69a14d52a7d09120ad25f3a411daec02ec8075
Instruction ID: 79d978aa0d52bf412b96aa0f3d3dd8c1f24576ec5e33b588fedff5a3b4e50352
Opcode Fuzzy Hash: 99a09543e94087cd81ea9d41cd69a14d52a7d09120ad25f3a411daec02ec8075
Instruction Fuzzy Hash: 60214F22B0865686DB009F15E8749787375FF89BD5B444171CE5E03F98FE3CD98A8700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B5820 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 116windowCOMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B584E
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B585F
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B586D
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B587B

Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B5F45
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B5F5B
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B5F6D
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B5F7F
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5F8A
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5F95
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B5FAB
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B5FC1
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B5FD3
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B5FE5
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5FF0
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B5FFB
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B6011
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B6027
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B6039
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B604B
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B6056
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B6061
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B6077
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B608D
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B609F
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B60B1
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B60BC
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B60C7
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B60DD
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B60F3
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B6105
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66B6117
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B6122
Part of subcall function 00007FFDF66B5EA0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66B612D
Part of subcall function 00007FFDF66B5EA0: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFDF66B6142

?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B589F
??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B5929
?critical@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B5939
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B5947
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,?,00007FFDF66B31B3), ref: 00007FFDF66B5952

Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B418B
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B4196
Part of subcall function 00007FFDF66B4120: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66B41AB
Part of subcall function 00007FFDF66B4120: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66B41B7
Part of subcall function 00007FFDF66B4120: memcmp.VCRUNTIME140 ref: 00007FFDF66B41C6
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B41D4
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B41DF
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B41FC
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B4208
Part of subcall function 00007FFDF66B4120: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66B421D
Part of subcall function 00007FFDF66B4120: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66B422A
Part of subcall function 00007FFDF66B4120: memcmp.VCRUNTIME140 ref: 00007FFDF66B4239
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B4248
Part of subcall function 00007FFDF66B4120: ?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66B4253

Strings

lookup in dynamic table requires search index enabled, xrefs: 00007FFDF66B5932
accept, xrefs: 00007FFDF66B5886

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$String@@$V0@@$?size@$?constChar@@Data@$Logger@@Messagememcmp$?critical@?qstrcmp@@
String ID: accept$lookup in dynamic table requires search index enabled
API String ID: 767616139-4055155769
Opcode ID: 81010d0f849b4e747ee17f9bc22b76f8c85209bdedb56ba6fc563d2811948fc8
Instruction ID: 9eeab016878e0feca7c6156150a1cf722d31c3445659d03756a22aeb1ed327e5
Opcode Fuzzy Hash: 81010d0f849b4e747ee17f9bc22b76f8c85209bdedb56ba6fc563d2811948fc8
Instruction Fuzzy Hash: 2C517362B08A82D2EB60DF21E4609E973A5FB44794F444171DBAD43E9DDF3CD555CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6699690 Relevance: 18.1, APIs: 12, Instructions: 104timeCOMMON

Download Yara Rule

APIs

??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6699709
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6699716
?toLongLong@QVariant@@QEBA_JPEA_N@Z.QT5CORE ref: 00007FFDF669972D
??0QVariant@@QEAA@_J@Z.QT5CORE ref: 00007FFDF6699742
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF6699752
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF669975D
?readyRead@QIODevice@@QEAAXXZ.QT5CORE ref: 00007FFDF669976D
?elapsed@QElapsedTimer@@QEBA_JXZ.QT5CORE ref: 00007FFDF669977A
?restart@QElapsedTimer@@QEAA_JXZ.QT5CORE ref: 00007FFDF6699793
?isNull@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFDF669979E
?toLongLong@QVariant@@QEBA_JPEA_N@Z.QT5CORE ref: 00007FFDF66997B5
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF6699816

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Variant@@$ElapsedLongLong@Timer@@V0@@$?elapsed@?ready?restart@Device@@Null@Read@V0@$$
String ID:
API String ID: 486414557-0
Opcode ID: ccf8897b887699e56f6b68fe2fb8467f6e612a5e07618a6444b4b4f41319178c
Instruction ID: 3cfdca9844662d1453bb41a7c890f279b48c50e71b14a2de356e065380cfb35c
Opcode Fuzzy Hash: ccf8897b887699e56f6b68fe2fb8467f6e612a5e07618a6444b4b4f41319178c
Instruction Fuzzy Hash: 0F416E32B18A8282EB54CB15D474AB93365FB84B98F484275D92E07EEDEE3CE945C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66E96D0 Relevance: 18.1, APIs: 12, Instructions: 76timeCOMMON

Download Yara Rule

APIs

?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E96E1
?isEmpty@QListData@@QEBA_NXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E96F2
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E9735
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E9745
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E9752
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E9764
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E9770
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E977B

Part of subcall function 00007FFDF6699A30: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699A4F
Part of subcall function 00007FFDF6699A30: ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699A5D
Part of subcall function 00007FFDF6699A30: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699A69
Part of subcall function 00007FFDF6699A30: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699A75
Part of subcall function 00007FFDF6699A30: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699A97
Part of subcall function 00007FFDF6699A30: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699AE7
Part of subcall function 00007FFDF6699A30: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,00007FFDF66E4757), ref: 00007FFDF6699AF5

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E97B6
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E97C6
?prepend@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E97CF
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00007FFDF66E84E1), ref: 00007FFDF66E97E0

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$Array@@Byte$String@@V0@@$?begin@$?size@Empty@$?const?detach@?dispose@?end@?prepend@Char@@Data@Data@1@Data@1@@DateTime@@V0@$$
String ID:
API String ID: 2846168812-0
Opcode ID: f2a2759653aa60ef6e179a35ce14904f6edc979a524d1efb4cec01342d3177ad
Instruction ID: 05f584a76973b7d114b399b3430ade11f3651f2c3435be5b72b3c0d950b30b46
Opcode Fuzzy Hash: f2a2759653aa60ef6e179a35ce14904f6edc979a524d1efb4cec01342d3177ad
Instruction Fuzzy Hash: F7311A26B08A4286EB04DF12E474A697369FF89F80F444275CE5E03F98EF7CE8468704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60CFCFE50 Relevance: 18.1, APIs: 12, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF60CFCE310: ??0QByteArray@@QEAA@XZ.QT5CORE ref: 00007FF60CFCE339
Part of subcall function 00007FF60CFCE310: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFCE352
Part of subcall function 00007FF60CFCE310: ?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z.QT5CORE ref: 00007FF60CFCE392
Part of subcall function 00007FF60CFCE310: ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFCE3A2
Part of subcall function 00007FF60CFCE310: ?arg@QString@@QEBA?AV1@HHHVQChar@@@Z.QT5CORE ref: 00007FF60CFCE3C6
Part of subcall function 00007FF60CFCE310: ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FF60CFCE3D5
Part of subcall function 00007FF60CFCE310: ?arg@QString@@QEBA?AV1@HHHVQChar@@@Z.QT5CORE ref: 00007FF60CFCE3F8
Part of subcall function 00007FF60CFCE310: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF60CFCE409
Part of subcall function 00007FF60CFCE310: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFCE41E
Part of subcall function 00007FF60CFCE310: ?append@QString@@QEAAAEAV1@AEBV1@@Z.QT5CORE ref: 00007FF60CFCE42B
Part of subcall function 00007FF60CFCE310: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCE43D
Part of subcall function 00007FF60CFCE310: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCE448
Part of subcall function 00007FF60CFCE310: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCE453
Part of subcall function 00007FF60CFCE310: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCE45E
Part of subcall function 00007FF60CFCE310: ??4QString@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FF60CFCE46A
Part of subcall function 00007FF60CFCE310: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FF60CFCE487
Part of subcall function 00007FF60CFCE310: ?debug@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE ref: 00007FF60CFCE494
Part of subcall function 00007FF60CFCE310: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FF60CFCE4A5

?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFCFE75
?itemData@QComboBox@@QEBA?AVQVariant@@HH@Z.QT5WIDGETS ref: 00007FF60CFCFE96
?toString@QVariant@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FF60CFCFEA5
??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FF60CFCFEB1
??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FF60CFCFEC1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCFED0
?count@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFCFEE0
?currentIndex@QComboBox@@QEBAHXZ.QT5WIDGETS ref: 00007FF60CFCFEF2
?setCurrentIndex@QComboBox@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60CFCFF10
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCFF1C
?setCurrentIndex@QComboBox@@QEAAXH@Z.QT5WIDGETS ref: 00007FF60CFCFF3B
??1QString@@QEAA@XZ.QT5CORE ref: 00007FF60CFCFF4A

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Box@@Combo$Char@@@$Data@Index@Variant@@$?append@?arg@?count@?from?setArrayArray@@Ascii_helper@ByteChar@@CurrentDebug@@Latin1Logger@@MessageTypedV1@@$??8@?current?debug@?itemString@String@@0@V0@@
String ID:
API String ID: 2205253895-0
Opcode ID: 18002b4e69e142db51e53f58c36ed4a07987c2148beb647c35cbdc273d42dd6b
Instruction ID: 9f75c1f09d91843b0cd7b8621f2d1cd01f0df9fc392cfaa7304426687812fc9a
Opcode Fuzzy Hash: 18002b4e69e142db51e53f58c36ed4a07987c2148beb647c35cbdc273d42dd6b
Instruction Fuzzy Hash: 25315C22B18A4192EB04DF25E99016D6321FFC5B84FB45131CB8FC3A64EFADE85AC705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66C77C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 59timeCOMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFDF66C7557), ref: 00007FFDF66C77E4
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFDF66C7557), ref: 00007FFDF66C7964
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z.QT5CORE ref: 00007FFDF66C799B
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66C79A7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C79B1

Strings

Proxy requires authentication, xrefs: 00007FFDF66C7942
QHttp, xrefs: 00007FFDF66C7985
Unknown protocol specified, xrefs: 00007FFDF66C7975
Host requires authentication, xrefs: 00007FFDF66C797E
Data corrupted, xrefs: 00007FFDF66C796C

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$V0@@$?translate@Application@@CoreDateTime@@V0@$$
String ID: Data corrupted$Host requires authentication$Proxy requires authentication$QHttp$Unknown protocol specified
API String ID: 259000012-610499893
Opcode ID: fb468a569c41d31fc4fa4723047463644df9c5b607374e03756cb296cedc6f1c
Instruction ID: a0616109440cb7027cde8230af8aede664192b1b232187a82040636924343269
Opcode Fuzzy Hash: fb468a569c41d31fc4fa4723047463644df9c5b607374e03756cb296cedc6f1c
Instruction Fuzzy Hash: 64218061B0CA52D5E7249B25E8748B83B28FF46B95F444272DA2D02EECDF3CE946C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672B790 Relevance: 16.6, APIs: 11, Instructions: 113COMMON

Download Yara Rule

APIs

?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF672B7E7
?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF672B80F
??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF672B834
?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF672B86A
?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF672B898
??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF672B8A9
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFDF672B8C6
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF672B8D6
??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF672B8E3

Part of subcall function 00007FFDF672AF50: ??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF672B5C3,00000000,?,?,00007FFDF66CD147), ref: 00007FFDF672AF78
Part of subcall function 00007FFDF672AF50: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF672B5C3,00000000,?,?,00007FFDF66CD147), ref: 00007FFDF672B034
Part of subcall function 00007FFDF672AF50: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF672B5C3,00000000,?,?,00007FFDF66CD147), ref: 00007FFDF672B067
Part of subcall function 00007FFDF672AF50: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF672B5C3,00000000,?,?,00007FFDF66CD147), ref: 00007FFDF672B08E

??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFDF672B8EE
??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF672B90D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$V0@@$Variant@@$?qstrcmp@@Array@@Array@@0@$Base@@$?createDataData@@NodeNode@SharedU2@_
String ID:
API String ID: 1989383768-0
Opcode ID: 69c36f0a6d4988efcc5e4ee65f5875e79ce4f9416a11dc8f8413990f262d5730
Instruction ID: 07bf2ebd418983ebdce21d68a3836d3bad54cd749050f32756b8c992f0fcbdf1
Opcode Fuzzy Hash: 69c36f0a6d4988efcc5e4ee65f5875e79ce4f9416a11dc8f8413990f262d5730
Instruction Fuzzy Hash: F5415166B08A4682EB049F22D474A697368FB59F88F494031CF6D47F98EF3CE456CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67156E0 Relevance: 16.6, APIs: 11, Instructions: 85COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671571A
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF6715731
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671573D
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF671574F
memcpy.VCRUNTIME140 ref: 00007FFDF6715774
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6715785
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF6715791
memcpy.VCRUNTIME140 ref: 00007FFDF67157BF
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF67157E8
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF67157F1
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFDF671580C

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$memcpy$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
String ID:
API String ID: 966379029-0
Opcode ID: 264cc267f2103d9f1a9ab639b41686b7f5ff285a9dea238f236c2a04e645529f
Instruction ID: 210b133322879b7c749196bce36451440a009045dcd8191cb4652fb6a3ab8704
Opcode Fuzzy Hash: 264cc267f2103d9f1a9ab639b41686b7f5ff285a9dea238f236c2a04e645529f
Instruction Fuzzy Hash: 24314C26B19A4692DB148B15A8746787369FB85BA1F544232CE6D43FE8DF3CD846C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D41590 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 37windowCOMMON

Download Yara Rule

APIs

??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D415A6
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D415B6
?peek@QIODevice@@QEAA?AVQByteArray@@_J@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D415D3
?startsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D415E5
?endsWith@QByteArray@@QEBA_NPEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D415FB
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFDF5D410C6), ref: 00007FFDF5D41610

Strings

WEBP, xrefs: 00007FFDF5D415EF
QWebpHandler::canRead() called with no device, xrefs: 00007FFDF5D415AF
RIFF, xrefs: 00007FFDF5D415D9

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$Logger@@MessageWith@$?ends?peek@?starts?warning@Array@@_Device@@
String ID: QWebpHandler::canRead() called with no device$RIFF$WEBP
API String ID: 1375363764-97849969
Opcode ID: 12a5c691402833975b1edc10e62f66381e7739370b61e5c65c232bbea82d361f
Instruction ID: ee26d87992d731675ff349713818979360aeb8a2c98764e54e286579c863cb47
Opcode Fuzzy Hash: 12a5c691402833975b1edc10e62f66381e7739370b61e5c65c232bbea82d361f
Instruction Fuzzy Hash: 81012D61B1AA4A92EF10EF64ED60BA96361BF92F49F841032D66D075ACDE6CD50DC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66C5850 Relevance: 15.2, APIs: 10, Instructions: 152timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

??0QObjectPrivate@@QEAA@H@Z.QT5CORE ref: 00007FFDF66C5889
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66C58A7
??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FFDF66C58F5
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C5900
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C590E
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C591C
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C5949
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C5954
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66C595F
??0QObject@@IEAA@AEAVQObjectPrivate@@PEAV0@@Z.QT5CORE ref: 00007FFDF66C5A24

Part of subcall function 00007FFDF66CBF40: ??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFDF66CBF4F
Part of subcall function 00007FFDF66CBF40: ??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66CBF71
Part of subcall function 00007FFDF66CBF40: ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66CBF91
Part of subcall function 00007FFDF66CBF40: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66CC026

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$V0@@$ObjectObject@@Private@@$Array@@BasicByteMutex@@Object@@@Timer@@Url@@malloc
String ID:
API String ID: 4192777407-0
Opcode ID: 4d8b203b589bb4c0ad0223d2e8e644eeec5b8a5a6494be324fb5bb74e6ad99b7
Instruction ID: 1a5ad818dd0217b583df3aea6ea1d719bb47874bbed84dccfb1f2d25b6723dbc
Opcode Fuzzy Hash: 4d8b203b589bb4c0ad0223d2e8e644eeec5b8a5a6494be324fb5bb74e6ad99b7
Instruction Fuzzy Hash: 4961B232709B9286DB50DF11E864BA973A8FB84B90F4A4135DA6E83B99FF3CD445C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF670F6D0 Relevance: 15.1, APIs: 10, Instructions: 144COMMON

Download Yara Rule

APIs

?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF670F6E0
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFDF670F741
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670F74A
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670F758
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670F766
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF670F83A
?size@QListData@@QEBAHXZ.QT5CORE ref: 00007FFDF670F868
?append@QListData@@QEAAPEAPEAXAEBU1@@Z.QT5CORE ref: 00007FFDF670F886
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670F892
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF670F89E

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$?end@$?append@?detach@?dispose@?size@Data@1@Data@1@@Empty@U1@@
String ID:
API String ID: 1538834070-0
Opcode ID: b8681489521fa6df2db8ff3b2fe58d358c0346b4f98507e0ac9cf7cbddc0b224
Instruction ID: d0df15e12020e791f1f4008870809ef1775089b352d0fac010f8f94796c60719
Opcode Fuzzy Hash: b8681489521fa6df2db8ff3b2fe58d358c0346b4f98507e0ac9cf7cbddc0b224
Instruction Fuzzy Hash: 9A518D22B09A8682EB14DB16A4706B97368FB85FD1F584136DE6D07FD8DF3CD8828710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668B4A0 Relevance: 15.1, APIs: 10, Instructions: 94COMMON

Download Yara Rule

APIs

?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE ref: 00007FFDF668B4E4
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF668B533
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF668B53E
?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF668B54C
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF668B558
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF668B565
memcmp.VCRUNTIME140 ref: 00007FFDF668B574
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF668B595
?freeNode@QHashData@@QEAAXPEAX@Z.QT5CORE ref: 00007FFDF668B5A1
?hasShrunk@QHashData@@QEAAXXZ.QT5CORE ref: 00007FFDF668B5BC

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?size@$?constArray@@ByteChar@@Data@Data@@Hash$?free?hasHash@@Node@Shrunk@memcmp
String ID:
API String ID: 3581844596-0
Opcode ID: 8f1d0ed32103232e9d9e7f28a6743fc338506fcf37204322fa95100e4bff45c1
Instruction ID: 35a45555227d53ee69f982d15100c0b86b71257a4353c3a4d147931b93d21730
Opcode Fuzzy Hash: 8f1d0ed32103232e9d9e7f28a6743fc338506fcf37204322fa95100e4bff45c1
Instruction Fuzzy Hash: FC414832718A4686DB10DF21E92452D7769FB89F89B844171DE5E43F98EF3CD845CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F74D0 Relevance: 15.1, APIs: 10, Instructions: 57timeCOMMON

Download Yara Rule

APIs

?indexOf@QString@@QEBAHVQLatin1String@@HW4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFDF66F7521
?clear@QString@@QEAAXXZ.QT5CORE ref: 00007FFDF66F7532
?left@QString@@QEBA?AV1@H@Z.QT5CORE ref: 00007FFDF66F7543
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66F7550
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F755B
?mid@QString@@QEBA?AV1@HH@Z.QT5CORE ref: 00007FFDF66F7571
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66F757E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66F7589

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$DateTime@@V0@$$V0@@$?clear@?index?left@?mid@CaseLatin1Qt@@@Sensitivity@
String ID:
API String ID: 2484421654-0
Opcode ID: b33861567d216a0799704be6887fed03b6de56fea2d02512575d33c3944972f3
Instruction ID: b6ae794eb2b4c302b74dcd5a5039c5679d028e2927ebadf72654b0b5407352c1
Opcode Fuzzy Hash: b33861567d216a0799704be6887fed03b6de56fea2d02512575d33c3944972f3
Instruction Fuzzy Hash: 35217176708A42C2DB109F24E8345697374FB85B58F540331CA6E02EA8EF3CD98AC744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66856B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

??0QBasicMutex@@QEAA@XZ.QT5CORE ref: 00007FFDF66856CE
?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFDF66856E2
?setPort@QUrl@@QEAAXH@Z.QT5CORE ref: 00007FFDF66856EF
??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF668571E
?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFDF668572E
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6685739

Part of subcall function 00007FFDF6692C20: ??0QSharedData@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF6696996), ref: 00007FFDF6692C45
Part of subcall function 00007FFDF6692C20: ??0QBasicMutex@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF6696996), ref: 00007FFDF6692C80
Part of subcall function 00007FFDF6692C20: ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,00000000), ref: 00007FFDF6692CCE

Part of subcall function 00007FFDF6687660: ?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFDF6687684
Part of subcall function 00007FFDF6687660: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66876DD
Part of subcall function 00007FFDF6687660: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66876E8
Part of subcall function 00007FFDF6687660: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687711
Part of subcall function 00007FFDF6687660: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF668771C
Part of subcall function 00007FFDF6687660: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687745
Part of subcall function 00007FFDF6687660: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF6687750
Part of subcall function 00007FFDF6687660: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF6687779
Part of subcall function 00007FFDF6687660: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF6687784

??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF6685781

Strings

preconnect-http, xrefs: 00007FFDF66856FD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$Url@@$?connect@ConnectionQt@@@Type@$?setString@@$BasicMutex@@SharedString@@@$?getCountData@Data@@ExternalHost@Latin1Mode@1@@Object@@@ParsingPointer@@Port@Ref@Scheme@U12@V0@@
String ID: preconnect-http
API String ID: 503967994-867629942
Opcode ID: 9358651ad1077d37ce3849a994ab2e5dae487c50de4870febe0fe844db220bc3
Instruction ID: fb52e0c123e92f4b1fc11b14400311ff19467fda8d745faf312a32d65697f14b
Opcode Fuzzy Hash: 9358651ad1077d37ce3849a994ab2e5dae487c50de4870febe0fe844db220bc3
Instruction Fuzzy Hash: 03216B7671CA8292DB00DB11F4608AAB325FB94794F405131EA9E43EACEF7CD54ACB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723660 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

??0QDebugStateSaver@@QEAA@AEAVQDebug@@@Z.QT5CORE ref: 00007FFDF672367D
?resetFormat@QDebug@@QEAAAEAV1@XZ.QT5CORE ref: 00007FFDF6723686
??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6723782
??6QDebug@@QEAAAEAV0@H@Z.QT5CORE ref: 00007FFDF672378D
??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFDF6723798
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::SocketError(, xrefs: 00007FFDF6723778

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State$?resetDebug@@@Format@
String ID: QLocalSocket::SocketError(
API String ID: 3506180795-2301656246
Opcode ID: 2334670426e07c6dcc8dfcf15347f911f8655201226ba44816f2a1d149dfa67c
Instruction ID: 1668484be5e2574a5d87a70303164d752c5173e8f1fae497a21d5af12fe84da8
Opcode Fuzzy Hash: 2334670426e07c6dcc8dfcf15347f911f8655201226ba44816f2a1d149dfa67c
Instruction Fuzzy Hash: E4111836B08A4282DB049F15E8646787379FB98B94F445075EA6E43FA8DF3CE846C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66BB7E0 Relevance: 13.6, APIs: 9, Instructions: 135COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDF66BB8D0
memcpy.VCRUNTIME140 ref: 00007FFDF66BB8E7
memset.VCRUNTIME140 ref: 00007FFDF66BB8FC
memcpy.VCRUNTIME140 ref: 00007FFDF66BB914
memcpy.VCRUNTIME140 ref: 00007FFDF66BB92D
memset.VCRUNTIME140 ref: 00007FFDF66BB93B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDF66BB9B2

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00007FFDF66BB9B9
?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00007FFDF66BB9BF

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: memcpy$Xbad_alloc@std@@memset$_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 3194922333-0
Opcode ID: 089ba6a1dfcff68f2a5856aff94affe473b4f2ed83dc5fd2c6de4d887766ad83
Instruction ID: 36b8169f46e0f498ff8b5552d9569b71acacbd3f6769b292f175ed6cc20328aa
Opcode Fuzzy Hash: 089ba6a1dfcff68f2a5856aff94affe473b4f2ed83dc5fd2c6de4d887766ad83
Instruction Fuzzy Hash: DE51C121B09B8691EF10DB65E4746B96758FB4ABE4F540A35EA7D07FCAEE3CE0418300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66CF720 Relevance: 12.1, APIs: 8, Instructions: 105COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF764
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFDF66CF77B
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF787
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF799
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF7BC
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF7C8
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66CF84D

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

?append@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,?,?,00000000,?,00007FFDF66D26EC,?,?,00000000,00007FFDF66CFC2B), ref: 00007FFDF66CF897

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$?append@?detach_grow@?end@Data@1@malloc
String ID:
API String ID: 1110224875-0
Opcode ID: 39d77016dc73c2b84ef014bbb9c937d97b9b916b4fb48b744bfddb81d2952cf9
Instruction ID: 6710e90a07ac943b56ae796517e6aac16ed0c94d76617c403a428a8d34b7d069
Opcode Fuzzy Hash: 39d77016dc73c2b84ef014bbb9c937d97b9b916b4fb48b744bfddb81d2952cf9
Instruction Fuzzy Hash: B2418C32B09A8582DB10DB12E86096AB3A8FB85FE5B444536EE6D47FD8DF3CD551CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66BB4A0 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF66BE240: ?createData@QMapDataBase@@SAPEAU1@XZ.QT5CORE(?,?,?,00007FFDF66BB4B3), ref: 00007FFDF66BE258
Part of subcall function 00007FFDF66BE240: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE(?,?,?,00007FFDF66BB4B3), ref: 00007FFDF66BE280
Part of subcall function 00007FFDF66BE240: ?recalcMostLeftNode@QMapDataBase@@QEAAXXZ.QT5CORE(?,?,?,00007FFDF66BB4B3), ref: 00007FFDF66BE2AE

Part of subcall function 00007FFDF66BE680: ?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE(?,?,?,00007FFDF66BB4BE), ref: 00007FFDF66BE6A7
Part of subcall function 00007FFDF66BE680: ?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE(?,?,?,00007FFDF66BB4BE), ref: 00007FFDF66BE6CF

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66BB4E5
?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF66BB51A
?qstrcmp@@YAHAEBVQByteArray@@0@Z.QT5CORE ref: 00007FFDF66BB548
??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF66BB559
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFDF66BB575
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66BB585
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66BB592
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66BB59D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Base@@$?qstrcmp@@Array@@Array@@0@$DataV0@@$?createNodeNode@$?recalc?setData@LeftMostParent@String@@U1@@U2@_
String ID:
API String ID: 2025822657-0
Opcode ID: c11763c4345d192984f9f22cee0216a3c58b906a557b4428ecf3945c5f500c4b
Instruction ID: 2b7a8c90eb181e350b32e7a7a5bcacd63f6ce52c8364f117eb1b62e85c6f52e7
Opcode Fuzzy Hash: c11763c4345d192984f9f22cee0216a3c58b906a557b4428ecf3945c5f500c4b
Instruction Fuzzy Hash: EC314F76708A42C6DB108F12E46496A7368FB49FC4B484572DE5E07F98EF3DE446CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF669F7E0 Relevance: 12.1, APIs: 8, Instructions: 78timeCOMMON

Download Yara Rule

APIs

??8QUrl@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F80C
??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F822
??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F838
?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F858
?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F864
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F872
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F87F
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF6683DE9), ref: 00007FFDF669F88C

Part of subcall function 00007FFDF668A570: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF6693192,?,?,?,00007FFDF6681409), ref: 00007FFDF668A585
Part of subcall function 00007FFDF668A570: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF6693192,?,?,?,00007FFDF6681409), ref: 00007FFDF668A590
Part of subcall function 00007FFDF668A570: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF6693192,?,?,?,00007FFDF6681409), ref: 00007FFDF668A5A2
Part of subcall function 00007FFDF668A570: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFDF6693192,?,?,?,00007FFDF6681409), ref: 00007FFDF668A5AE
Part of subcall function 00007FFDF668A570: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFDF6693192,?,?,?,00007FFDF6681409), ref: 00007FFDF668A5BA

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: ?size@Data@@ListString@@$V0@@$?begin@?constChar@@Data@DateTime@@$?end@Url@@
String ID:
API String ID: 425079827-0
Opcode ID: 6f475e5890b56868c748e45513cd081239d2e9461bd8c8a32d8e842f9d644aab
Instruction ID: f64d9525441ee0087cf1ca43f6062b0fe9bf04160bc0959e78ceda5c69f7a42e
Opcode Fuzzy Hash: 6f475e5890b56868c748e45513cd081239d2e9461bd8c8a32d8e842f9d644aab
Instruction Fuzzy Hash: AE315E22B08A42A2EB50DF12E5648A823B9FF55B88B4500B6DE5D07EDCEF3CD44AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66E9800 Relevance: 12.1, APIs: 8, Instructions: 75COMMON

Download Yara Rule

APIs

?read@QIODevice@@QEAA_JPEAD_J@Z.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E984E
??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E986D
?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E9878
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E98A9
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E98BB
?append@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E98C5
?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E98D8
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF66E6E6E), ref: 00007FFDF66E98EA

Part of subcall function 00007FFDF66D4700: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D475B
Part of subcall function 00007FFDF66D4700: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D4767
Part of subcall function 00007FFDF66D4700: ?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D4791
Part of subcall function 00007FFDF66D4700: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D47A4
Part of subcall function 00007FFDF66D4700: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D47CB
Part of subcall function 00007FFDF66D4700: ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D47D9
Part of subcall function 00007FFDF66D4700: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D47FA
Part of subcall function 00007FFDF66D4700: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D4812
Part of subcall function 00007FFDF66D4700: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D483F
Part of subcall function 00007FFDF66D4700: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D4856
Part of subcall function 00007FFDF66D4700: ?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D4862
Part of subcall function 00007FFDF66D4700: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFDF66D46E8), ref: 00007FFDF66D486D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteData@@List$?begin@$String@@$V0@@$?size@$?append@?const?erase@?read@A@$$Char@@Data@Device@@Empty@memcpy
String ID:
API String ID: 3158978291-0
Opcode ID: 4d1374ee13958e5d252ebadc586f1541367c0e45561da73cd4a31fb83a55b327
Instruction ID: bbaedb8bc8fa88adf2be034878a252b3f356a180b87f48d36ac054b26f5ac8c9
Opcode Fuzzy Hash: 4d1374ee13958e5d252ebadc586f1541367c0e45561da73cd4a31fb83a55b327
Instruction Fuzzy Hash: EE31A13270864292EB109F15E4604AAB325EF95BC4F540271CB6E07EE9EF6DED8AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66F17D0 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F17E8
?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F17FB
?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F181F
?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F183C
?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F185F
?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F1878
?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F1892
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE(?,?,00000000,00007FFDF66F0AAE,?,?,?,?,?,?,?,00007FFDF66F1109), ref: 00007FFDF66F18A4

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@HashNode@Node@1@$?first?nextU21@@$?lock@?unlock@Locker@@MutexMutex@@
String ID:
API String ID: 35386720-0
Opcode ID: d6c6babba26e12488e21e24e9c917e9387ad7d5c3c3787479a72b8879b932b7a
Instruction ID: 72261255951ab5fa802a92994a378469a7b6c1254516b665dfbcd639341d4658
Opcode Fuzzy Hash: d6c6babba26e12488e21e24e9c917e9387ad7d5c3c3787479a72b8879b932b7a
Instruction Fuzzy Hash: E5211236F0968292EB549B61D57493863A5FF45BC0F581975CA3F02FD8EF2CE8C18A00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FB7D0 Relevance: 10.6, APIs: 7, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF66FAFD0: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFDF66FB008
Part of subcall function 00007FFDF66FAFD0: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFDF66FB039

?qHash@@YAIAEBVQString@@I@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF66FC503,?,?,?,00007FFDF66FB570), ref: 00007FFDF66FB809

Part of subcall function 00007FFDF66FCE70: ?qHash@@YAIAEBVQString@@I@Z.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCF33
Part of subcall function 00007FFDF66FCE70: ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCF68
Part of subcall function 00007FFDF66FCE70: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCF81
Part of subcall function 00007FFDF66FCE70: ?freeNode@QHashData@@QEAAXPEAX@Z.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCF8E
Part of subcall function 00007FFDF66FCE70: ?hasShrunk@QHashData@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCFA7
Part of subcall function 00007FFDF66FCE70: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCFBF
Part of subcall function 00007FFDF66FCE70: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFDF66FB89B,?,?,?,?,?,?,?,?,00000000), ref: 00007FFDF66FCFD2

??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF66FC503,?,?,?,00007FFDF66FB570), ref: 00007FFDF66FB851
??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFDF66FC503,?,?,?,00007FFDF66FB570), ref: 00007FFDF66FB864
?qHash@@YAIAEBVQString@@I@Z.QT5CORE ref: 00007FFDF66FB8CA

Part of subcall function 00007FFDF66FB4B0: ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,00000000,00007FFDF66F2A1C), ref: 00007FFDF66FB4FC

?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFDF66FB8F1
?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFDF66FB916
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66FB930

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Data@@Hash$Hash@@$??8@Node@String@@0@$?allocate?detach_helper@?free?free_helper@?has?willArray@@ByteGrow@Node@1@Node@1@@Shrunk@V0@@
String ID:
API String ID: 3770219487-0
Opcode ID: 732a7608d27d8c17a3cfd79b72840b427cbb593aeac87e19b105ccec2cc91236
Instruction ID: c7e0daa92f61fa16fd66f7f34475e35c3a95312c67f3dde423241478408f5f09
Opcode Fuzzy Hash: 732a7608d27d8c17a3cfd79b72840b427cbb593aeac87e19b105ccec2cc91236
Instruction Fuzzy Hash: B6519E62B08B8192EB00CF25D5606697374FB99B84F149635DF6D07B99EF38E4A1CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66D3780 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66D37BB
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66D37C8
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66D3840
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66D384D
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66D385A
??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFDF66D3896
??1QObjectPrivate@@UEAA@XZ.QT5CORE ref: 00007FFDF66D389F

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteString@@Url@@$ObjectPrivate@@
String ID:
API String ID: 393494805-0
Opcode ID: 9efc34ceb8bc089478cb67f7a71f274947798da0cc79133dea2b6483276f663f
Instruction ID: 438130fb86b955ffe94d0408b0d4b1774e3ce9acd77df5d701f3ba1e34abef28
Opcode Fuzzy Hash: 9efc34ceb8bc089478cb67f7a71f274947798da0cc79133dea2b6483276f663f
Instruction Fuzzy Hash: F5315F31B09942A6EB48DB25D5706B8B328FF85750F448171D63E93EE9EF2CE856C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6707750 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF670778D
?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFDF67077C1
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z.QT5CORE ref: 00007FFDF67077F4
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF6707807
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6707815

Strings

Invalid domain name, xrefs: 00007FFDF67077D6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?tr@DateEmpty@MetaObject@@Time@@V0@$$V0@@
String ID: Invalid domain name
API String ID: 1141942472-4090324451
Opcode ID: 2a8cc17a081109b85a3e070029c6dd49ea791e34f475fea44ef8067f035c493b
Instruction ID: 422c90e4fd10d8688aec915ef294d3ad383b5b26677f86df3c5bb74c2218233d
Opcode Fuzzy Hash: 2a8cc17a081109b85a3e070029c6dd49ea791e34f475fea44ef8067f035c493b
Instruction Fuzzy Hash: 74313C3261CA86A6DB50CF20E870BAAB768FB80744F444176E29D42EDDEF7CD549CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672F800 Relevance: 10.6, APIs: 7, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF672F827
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF672F841
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF672F853
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF672F886

Part of subcall function 00007FFDF672F920: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFDF672F7BD), ref: 00007FFDF672F93B

??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE ref: 00007FFDF672F8A1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF672F8AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF672F8D4

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@ByteDebug@@$String@@@malloc
String ID:
API String ID: 2997392113-0
Opcode ID: 164f0cf8fa7555a2673a7bc0ef4e3ecb668fbd9cf874c37977684c17c607a163
Instruction ID: c8e265acd6abe22bc00d4403195296aab634c61075cd5a044be3db59e5502a77
Opcode Fuzzy Hash: 164f0cf8fa7555a2673a7bc0ef4e3ecb668fbd9cf874c37977684c17c607a163
Instruction Fuzzy Hash: 73211036718A5692EB00DF15E87496A7364FB85B80F804171DE9E07FA9EF3CD946CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66BD6E0 Relevance: 10.6, APIs: 7, Instructions: 57COMMON

Download Yara Rule

APIs

?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFDF66BD708
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66BD719
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66BD727
?color@QMapNodeBase@@QEBA?AW4Color@1@XZ.QT5CORE ref: 00007FFDF66BD730
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z.QT5CORE ref: 00007FFDF66BD73B
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFDF66BD787

Part of subcall function 00007FFDF66BD6E0: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFDF66BD75C

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Base@@$Node$?set$Array@@ByteParent@U1@@V0@@$?color@?createColor@Color@1@Color@1@@DataNode@U2@_
String ID:
API String ID: 2305653893-0
Opcode ID: 7e9670c5f59bc8ac053378a6485b0c69fae05ba6992539312b7a63fc307d9eed
Instruction ID: 66532851a06f91918e97644780056d8f00aea888f1edc0aff90d2849c6f8c8a4
Opcode Fuzzy Hash: 7e9670c5f59bc8ac053378a6485b0c69fae05ba6992539312b7a63fc307d9eed
Instruction Fuzzy Hash: 19212826B08A4282EB049F22E9247697364FB88FC4F444175CA6D4BF98EF7CE856C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D614F0 Relevance: 10.5, APIs: 8, Instructions: 453COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDF5D61563
memset.VCRUNTIME140 ref: 00007FFDF5D616A1
memset.VCRUNTIME140 ref: 00007FFDF5D617C6
memset.VCRUNTIME140 ref: 00007FFDF5D618E4
memset.VCRUNTIME140 ref: 00007FFDF5D619AC
memcpy.VCRUNTIME140 ref: 00007FFDF5D61A46

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: a6d468db4333e8731d862714eeee9638e4860e649500defd43d993b0ae2314c0
Instruction ID: 9b6a87469f389e1ff6af6dfb773d5208cde474fd6c86b53bb8d4c28899b24cad
Opcode Fuzzy Hash: a6d468db4333e8731d862714eeee9638e4860e649500defd43d993b0ae2314c0
Instruction Fuzzy Hash: 4D42F816E19BC592E711CB3CC6197FC6760F7AAB48F19A325CB9C12157EF25A2DAC300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D4D1A0 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

VP8 , xrefs: 00007FFDF5D4D343

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID:
String ID: VP8
API String ID: 0-2406432225
Opcode ID: 02ff9131429cd44c4b2c0120519d0a69040d7850b41cc6d310304563f932765e
Instruction ID: 6c3d6cf3df4000dd35596a714f5241444528706dec330c6c6b2ee66c6c149000
Opcode Fuzzy Hash: 02ff9131429cd44c4b2c0120519d0a69040d7850b41cc6d310304563f932765e
Instruction Fuzzy Hash: E6C1BD32B0AB8986E760DF25D950B6973A0FB49B54F144235DBAD87BC8DF38E561CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D055E50 Relevance: 9.1, APIs: 6, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF60D042EC0: _aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D042F4B
Part of subcall function 00007FF60D042EC0: _aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D042F97

Part of subcall function 00007FF60D042EC0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D042F52
Part of subcall function 00007FF60D042EC0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D042F9E

_aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055F41
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055F48
_aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055F7C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055F83
_aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055FB7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF60D055FBE

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: _aligned_freefree
String ID:
API String ID: 426171744-0
Opcode ID: d268f71062386fd26cdd8fa367d8ea1d741fb92c2fa0268ba5ff27bd3d6672b7
Instruction ID: 3df9c5198bea597174609a5caf456996696730c2b59f6eb437166cf97561447c
Opcode Fuzzy Hash: d268f71062386fd26cdd8fa367d8ea1d741fb92c2fa0268ba5ff27bd3d6672b7
Instruction Fuzzy Hash: 9D4190B2B04B4594EB14DFA6D8446EE6761FB58BD4F604232EE0E93B99EF38C540C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B9670 Relevance: 9.1, APIs: 6, Instructions: 108COMMON

Download Yara Rule

APIs

?nextNode@QMapNodeBase@@QEBAPEBU1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B9701
?fromRawData@QByteArray@@SA?AV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B9789
?toBase64@QByteArray@@QEBA?AV1@V?$QFlags@W4Base64Option@QByteArray@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B979D
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B97A8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B97FE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDF66B8F1F), ref: 00007FFDF66B9805

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$Array@@$_invalid_parameter_noinfo_noreturn$?from?nextArray@@@@@Base64Base64@Base@@Data@Flags@NodeNode@Option@
String ID:
API String ID: 553760676-0
Opcode ID: ea665cb8819a81fe10b6fe89c0d030240a9dc5e0b073ee20a5817829db39a4d7
Instruction ID: 8dabe1c2e85d12512e0c2609c986c6edf643ecebda33b85375f54c896d70b080
Opcode Fuzzy Hash: ea665cb8819a81fe10b6fe89c0d030240a9dc5e0b073ee20a5817829db39a4d7
Instruction Fuzzy Hash: 46418122B18686C2EF10DB25E0646B96364FB85B84F440271E65E47EEEEF6CE545CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6711700 Relevance: 9.1, APIs: 6, Instructions: 96COMMON

Download Yara Rule

APIs

??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF671171F
?isReadable@QIODevice@@QEBA_NXZ.QT5CORE ref: 00007FFDF671173B
?setReadChannelCount@QIODevicePrivate@@QEAAXH@Z.QT5CORE ref: 00007FFDF6711760
?isWritable@QIODevice@@QEBA_NXZ.QT5CORE ref: 00007FFDF6711773
?setWriteChannelCount@QIODevicePrivate@@QEAAXH@Z.QT5CORE ref: 00007FFDF6711798
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z.QT5CORE ref: 00007FFDF67118A3

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: ?setChannelCount@DeviceDevice@@Object@@Private@@$?activate@MetaReadReadable@String@@V0@@Writable@Write
String ID:
API String ID: 2187096659-0
Opcode ID: e798d5b906411e9c466e5ff7a8eae8ac8d3857c9607aae1f6a28a4d59f45bbc7
Instruction ID: 806435d61423005afcf379cda05a79d84f87de366fa027b74641b07e9559f136
Opcode Fuzzy Hash: e798d5b906411e9c466e5ff7a8eae8ac8d3857c9607aae1f6a28a4d59f45bbc7
Instruction Fuzzy Hash: BE415C36B08B8192DB089F21E1A07E973A5FB88B84F404032DB6D47BA8DF79E465C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66A54A0 Relevance: 9.1, APIs: 6, Instructions: 78COMMON

Download Yara Rule

APIs

?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A54C3
?at@QListData@@QEBAPEAPEAXH@Z.QT5CORE ref: 00007FFDF66A54DF
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z.QT5CORE ref: 00007FFDF66A5541
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66A556A
?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A559F
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z.QT5CORE ref: 00007FFDF66A55D7

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Data@@List$?activate@Empty@Meta$?at@Array@@Byte
String ID:
API String ID: 2511475051-0
Opcode ID: 44a59b09a4e02b6fab43e7977d0d815f208fbc2fa137b05dc51a2bd26365cd10
Instruction ID: 4b3a43aea8fcade78a207bad3cfe25c9484f1a0e529eca4e54829a1146818c3b
Opcode Fuzzy Hash: 44a59b09a4e02b6fab43e7977d0d815f208fbc2fa137b05dc51a2bd26365cd10
Instruction Fuzzy Hash: F3413E3271CA8186EB50DF20E060BA977A5FB85748F440175EA9E0BEADDF3CD545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66814A0 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

?size@QString@@QEBAHXZ.QT5CORE ref: 00007FFDF66814C2
??0QByteArray@@QEAA@HW4Initialization@Qt@@@Z.QT5CORE ref: 00007FFDF66814D5
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF66814DE
?constData@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFDF6681517
?cend@QByteArray@@QEBAPEBDXZ.QT5CORE ref: 00007FFDF6681523
?resize@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFDF668156A

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteString@@$?constChar@@Data@$?cend@?resize@?size@Initialization@Qt@@@
String ID:
API String ID: 1104785696-0
Opcode ID: fc0698119a3a7454dfa5408696d16732a0955c37eca1ee0bc8e378a696af5376
Instruction ID: 240ff03149ae45fcd9c6bec138bd1906178de9185ce560617ddbfc596cbaf81c
Opcode Fuzzy Hash: fc0698119a3a7454dfa5408696d16732a0955c37eca1ee0bc8e378a696af5376
Instruction Fuzzy Hash: 9F21F166B0D68289DB048F26A424439BBA5FF89FC0B48C571CE6E03F58EE3CD4468701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6683710 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6683744
?qt_qFindChildren_helper@@YAXPEBVQObject@@AEBVQString@@AEBUQMetaObject@@PEAV?$QList@PEAX@@V?$QFlags@W4FindChildOption@Qt@@@@@Z.QT5CORE ref: 00007FFDF6683770
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF668377B
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF668378E
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFDF66837E8
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66837F3

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@ListString@@$FindObject@@$?begin@?dispose@?end@?qt_qChildChildren_helper@@Data@1@@Flags@List@MetaOption@Qt@@@@@
String ID:
API String ID: 2432269031-0
Opcode ID: 9da034710dd619ec85310c0bf86a9c8ab1b78c89a3281f08ad1b212a42916b5e
Instruction ID: 6099b99804e2dd0a8a88bb445e240a8d44fbd12e2d673a23521562fb6add1d14
Opcode Fuzzy Hash: 9da034710dd619ec85310c0bf86a9c8ab1b78c89a3281f08ad1b212a42916b5e
Instruction Fuzzy Hash: 19211C36709A4682EB008BA5E474569B364FF84BA4F144175DA5E43FE8DE7DE846C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6743850 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFDF6743878
??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF6743891
?color@QMapNodeBase@@QEBA?AW4Color@1@XZ.QT5CORE ref: 00007FFDF674389A
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z.QT5CORE ref: 00007FFDF67438A5
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFDF67438F1

Part of subcall function 00007FFDF6743850: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFDF67438C6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Base@@$Node$?set$Parent@U1@@$?color@?createArray@@ByteColor@Color@1@Color@1@@DataNode@U2@_V0@@
String ID:
API String ID: 485551508-0
Opcode ID: 593bac8f3a809254947673f5464a731d19afef5fe296862d8bf8b511f12b8a27
Instruction ID: 26bfbe8756aaae6723724047ffc02d82e02a624ae76a6e4308dc7c33f06e3b48
Opcode Fuzzy Hash: 593bac8f3a809254947673f5464a731d19afef5fe296862d8bf8b511f12b8a27
Instruction Fuzzy Hash: FE213822B08A4182EB048F16E424729B3B8FB88FC4F484139CE6D47F98EF7DE5568740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF668F470 Relevance: 9.0, APIs: 6, Instructions: 27timeCOMMON

Download Yara Rule

APIs

??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F483
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F48D
??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F497
??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F4A1
??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F4AB
??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF668F0DB,?,?,?,00007FFDF66836EC), ref: 00007FFDF668F4B5

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@Byte$DateTime@@
String ID:
API String ID: 664682113-0
Opcode ID: 21ed419e4c519055bcc3de7e691c68d1f7ec3d13e50004de8fa204095c59815a
Instruction ID: 835887c2dc242a814d974360c4fd941aec955c93d3fde77572f96bc6652fc9a5
Opcode Fuzzy Hash: 21ed419e4c519055bcc3de7e691c68d1f7ec3d13e50004de8fa204095c59815a
Instruction Fuzzy Hash: 68F03C21B0C806A2EB049B65EA749783335FF94740F444271C62E02DE9EF6CECEAC344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EB6C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFDF66EAACF), ref: 00007FFDF66EB703
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFDF66EB737
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66EB744
_Init_thread_footer.LIBCMT ref: 00007FFDF66EB77A

Strings

QNetworkSession::SessionError, xrefs: 00007FFDF66EB6F7

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
String ID: QNetworkSession::SessionError
API String ID: 109532953-3125804625
Opcode ID: 66336642b8895b226e275e115d1f6d97a731b78d5c2154e9377d79bf72081221
Instruction ID: 5753e052fd1a99e25ab411f16a5b4a0ff0239d83254d295cd00a188b07e29a15
Opcode Fuzzy Hash: 66336642b8895b226e275e115d1f6d97a731b78d5c2154e9377d79bf72081221
Instruction Fuzzy Hash: 8A110071B18A4286E710CF25F8B09653768BF58741F800176D62D86EEDEF3CE949CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66954B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFDF6692CA1,?,?,00000000), ref: 00007FFDF66954F3
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFDF6695527
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF6695534
_Init_thread_footer.LIBCMT ref: 00007FFDF669556A

Strings

QNetworkRequest, xrefs: 00007FFDF66954E7

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
String ID: QNetworkRequest
API String ID: 109532953-2472831940
Opcode ID: 2533aed385cb9b56338f0f5201eff0a5ddde6d98870adab78307847782f5459c
Instruction ID: ef18499de2aac7b425f9edf46af22a1fea2829a2ac1930b671393fadbb63c5a4
Opcode Fuzzy Hash: 2533aed385cb9b56338f0f5201eff0a5ddde6d98870adab78307847782f5459c
Instruction Fuzzy Hash: 6E110A71F0864686E710CF15E8B096537A8BB64758F840176DA6D43EEDEF3CE95ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D6E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673D6F8

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673D71D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673D734

Strings

X509_print, xrefs: 00007FFDF673D726
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D72D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$X509_print
API String ID: 646154281-491108590
Opcode ID: b25c54454cec0c21b0613005ec07e1bca5aa58cd2aa8d1a84f48b016ef470672
Instruction ID: 1d38dbb93bdfa8c22d68a82cf52a1a99ed7bffa819745e38bef014743cd3519c
Opcode Fuzzy Hash: b25c54454cec0c21b0613005ec07e1bca5aa58cd2aa8d1a84f48b016ef470672
Instruction Fuzzy Hash: E9F05B15F1CA83C1EB51AB51E872EB53359BF81F44F404231D56D03F99EE3CD5968600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B840 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6749226,00000000,00000001,00000000,00007FFDF67510F7), ref: 00007FFDF673B858

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6749226,00000000,00000001,00000000,00007FFDF67510F7), ref: 00007FFDF673B87D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6749226,00000000,00000001,00000000,00007FFDF67510F7), ref: 00007FFDF673B894

Strings

SSL_free, xrefs: 00007FFDF673B886
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B88D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_free
API String ID: 646154281-4066756980
Opcode ID: f80fc64bd5da9d35e29530b1d14d9f5cb8aeb02956c119cf7200080ec3fe248c
Instruction ID: b3017e2db843a2c79ba6e27e6e4ef035b9ed6323a66a5fcb8b9fd66bab29a935
Opcode Fuzzy Hash: f80fc64bd5da9d35e29530b1d14d9f5cb8aeb02956c119cf7200080ec3fe248c
Instruction Fuzzy Hash: 7EF03614F1CA83C1EB51AB61D871DB53359AF81F44F504131C56D03FADEE2CA596C600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B6F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673B708

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673B72D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673B744

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B73D
SSL_clear, xrefs: 00007FFDF673B736

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_clear
API String ID: 646154281-668550569
Opcode ID: c0f03b8d19fb203dc9429b45d8155a00bfefefa0f49fe20baf8efeab7483a84f
Instruction ID: 7a731faa5759135aa03323dbcc0aab4567d46ba8e57b11a3d4cebfa00c82753f
Opcode Fuzzy Hash: c0f03b8d19fb203dc9429b45d8155a00bfefefa0f49fe20baf8efeab7483a84f
Instruction Fuzzy Hash: 94F05424F1CA83C1EB51AB65E872DB53359AF91F10F504336D96D03FE8EE2CE9868600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6739700 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746946,?,?,?,00007FFDF6748514), ref: 00007FFDF6739718

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746946,?,?,?,00007FFDF6748514), ref: 00007FFDF673973D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746946,?,?,?,00007FFDF6748514), ref: 00007FFDF6739754

Strings

EVP_PKEY_get1_RSA, xrefs: 00007FFDF6739746
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673974D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_get1_RSA$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-3901137079
Opcode ID: 16633d4edfc15fb0c6b79b6ac486c0364d364c99b618f4cccd359a5e4c3d64c2
Instruction ID: 5cc7b35aab44466d6960974fbfdb25c9119b5fe24c7ab191a16728d080a9aec2
Opcode Fuzzy Hash: 16633d4edfc15fb0c6b79b6ac486c0364d364c99b618f4cccd359a5e4c3d64c2
Instruction Fuzzy Hash: 33F03014F1CA8381EB51AF61E832DB53399AF85F00F404232C96D03FE9FE2C95868600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D520 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6745024), ref: 00007FFDF673D538

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6745024), ref: 00007FFDF673D55D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6745024), ref: 00007FFDF673D574

Strings

X509_get_subject_name, xrefs: 00007FFDF673D566
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D56D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$X509_get_subject_name
API String ID: 646154281-2939435048
Opcode ID: 3707b8a0728b006d4606af42e330697f06fb200f6c1327030db21a6dcea4fdac
Instruction ID: 1aa94084b67a1b9783d2fdc9b7f5408ea2afa236dd0a378097d621dd29e4f650
Opcode Fuzzy Hash: 3707b8a0728b006d4606af42e330697f06fb200f6c1327030db21a6dcea4fdac
Instruction Fuzzy Hash: B6F03054F1CA4381EB50AB61E871EB53399AF85F14F404236D96D42FA9EE2CA58A8700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B530 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673B548

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673B56D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673B584

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B57D
SSL_CTX_use_psk_identity_hint, xrefs: 00007FFDF673B576

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_CTX_use_psk_identity_hint
API String ID: 646154281-1560254588
Opcode ID: 23484b62d594ebc46183416067ad120405337deffc687689bd688ad6af3f841d
Instruction ID: a2813477ff6f6a690021e5e36810596d24cc8e92457380909252d1da59850e70
Opcode Fuzzy Hash: 23484b62d594ebc46183416067ad120405337deffc687689bd688ad6af3f841d
Instruction Fuzzy Hash: 24F05414F1CA43C1EB11AB61E831EB93399BF85F40F404236C96D43FA9EE2CE5868700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6739540 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746921,?,?,?,00007FFDF6748514), ref: 00007FFDF6739558

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746921,?,?,?,00007FFDF6748514), ref: 00007FFDF673957D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6746921,?,?,?,00007FFDF6748514), ref: 00007FFDF6739594

Strings

EVP_PKEY_base_id, xrefs: 00007FFDF6739586
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673958D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_base_id$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-3796295355
Opcode ID: cfd4f40f239d3b1e3c927571a9844a2cca8091e06d5796312dc0849fd5f8cdc7
Instruction ID: ebc0706b063d6ecf474d110260d9c197cf21db9636af8f614ca442eeaf5f7682
Opcode Fuzzy Hash: cfd4f40f239d3b1e3c927571a9844a2cca8091e06d5796312dc0849fd5f8cdc7
Instruction Fuzzy Hash: 5BF03014F1CA8381EB11AB61E832DB53399BF85F00F405236D96D03FEDEE2D95868700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF674BCD7), ref: 00007FFDF673D768

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF674BCD7), ref: 00007FFDF673D78D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF674BCD7), ref: 00007FFDF673D7A4

Strings

X509_verify_cert, xrefs: 00007FFDF673D796
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D79D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$X509_verify_cert
API String ID: 646154281-1197077324
Opcode ID: 42b1814fd74a89d5348741d4ec4c2ab270e63f7207aba4bf1ebe2173897a7a29
Instruction ID: 63b3e7f9e26ce3d043f81195771087ea97da8a77d29ec001ece9a8d5727705ab
Opcode Fuzzy Hash: 42b1814fd74a89d5348741d4ec4c2ab270e63f7207aba4bf1ebe2173897a7a29
Instruction Fuzzy Hash: 50F03024F1CA8381EB50AB61E872DB53359AF81F50F504336D96D02FECEE2CA5968700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D670 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742EC1,?,?,?,?,00007FFDF6744099), ref: 00007FFDF673D688

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742EC1,?,?,?,?,00007FFDF6744099), ref: 00007FFDF673D6AD
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742EC1,?,?,?,?,00007FFDF6744099), ref: 00007FFDF673D6C4

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D6BD
X509_getm_notBefore, xrefs: 00007FFDF673D6B6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$X509_getm_notBefore
API String ID: 646154281-627992934
Opcode ID: 022f86617e0003062e67b371291654fae79fd6f702d44ccd087d959fd4e091a3
Instruction ID: 12f369face42e490c33bc9c7d804dc662ba04de29d6a445a47bac692f3d7eeb6
Opcode Fuzzy Hash: 022f86617e0003062e67b371291654fae79fd6f702d44ccd087d959fd4e091a3
Instruction Fuzzy Hash: 4FF03014F1CA83C1EB11AB61E831DB53399AF85F40F504236C96D03FA9EE2C959A8A00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B680 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673B698

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673B6BD
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673B6D4

Strings

SSL_accept, xrefs: 00007FFDF673B6C6
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B6CD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_accept
API String ID: 646154281-4119542777
Opcode ID: 7c8f21af64d07e17e70ac3ccfc44d309be4c141903c19184078ee8dad22bf854
Instruction ID: 44764fa6ba988fc6782ff06a211ed2f1763ed7fc585b37c4f40449368cd45b1d
Opcode Fuzzy Hash: 7c8f21af64d07e17e70ac3ccfc44d309be4c141903c19184078ee8dad22bf854
Instruction Fuzzy Hash: 71F09020F1CA83C1EB00AB61E832DB53359AF81F00F504236C97D03FE9EE2CA5868A00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6739690 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67469A6,?,?,?,00007FFDF6748514), ref: 00007FFDF67396A8

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67469A6,?,?,?,00007FFDF6748514), ref: 00007FFDF67396CD
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67469A6,?,?,?,00007FFDF6748514), ref: 00007FFDF67396E4

Strings

EVP_PKEY_get1_EC_KEY, xrefs: 00007FFDF67396D6
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF67396DD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_get1_EC_KEY$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-939091918
Opcode ID: 1a3577bb23dcf1fef093ae4b7412c5d8927ad29e8db5b32c3f246ea463fa64a7
Instruction ID: c980a425208237ac228696f917a856981ba29c50dfcc11622c88ad0dbb0bc664
Opcode Fuzzy Hash: 1a3577bb23dcf1fef093ae4b7412c5d8927ad29e8db5b32c3f246ea463fa64a7
Instruction Fuzzy Hash: B3F05B14F1DA43C1EB509B61D871EB53359AF45F40F405135D56D03F99FE2DD5868640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67397E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF67397F8

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673981D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF6739834

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673982D
EVP_PKEY_set1_DSA, xrefs: 00007FFDF6739826

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_set1_DSA$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-2907225549
Opcode ID: 40a50c02b8552015b7314c429d767b217330b5274a047452669cd851fc4acca0
Instruction ID: e4de554ce4c049f71a2a90b13ebd9557433467919c0da408fef417c7d76b18cd
Opcode Fuzzy Hash: 40a50c02b8552015b7314c429d767b217330b5274a047452669cd851fc4acca0
Instruction Fuzzy Hash: 53F03024F1CA8381EB11AB61E872EB5335ABF81F10F404236D96D03FE9FE2D95868604

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D830 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67483CE), ref: 00007FFDF673D848

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67483CE), ref: 00007FFDF673D86D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF67483CE), ref: 00007FFDF673D884

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D87D
d2i_PKCS12_bio, xrefs: 00007FFDF673D876

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$d2i_PKCS12_bio
API String ID: 646154281-1413310762
Opcode ID: 6417901f5582894965d79ff18773289ea55f9d2f7a13519bcd9641b801d24606
Instruction ID: 412938b008da9ff3aeda3adc27a2098f5aa0cb5facf9551f3f475709e3dd040e
Opcode Fuzzy Hash: 6417901f5582894965d79ff18773289ea55f9d2f7a13519bcd9641b801d24606
Instruction Fuzzy Hash: BCF03614F1CA43C1EB50AB61E871EB53399AF45F00F405231D55D02FE9EE2CA5868600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6739850 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6739868

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673988D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF67398A4

Strings

EVP_PKEY_set1_EC_KEY, xrefs: 00007FFDF6739896
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673989D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_set1_EC_KEY$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-2965549941
Opcode ID: b49acd71400ac8357735982f13f4ab1f1f4bfe7f62d4585e0cabc50fe4bf551a
Instruction ID: aa98ff292bcf8c00046613539d4406920a8281af9d8be63265c9c8d28ff43322
Opcode Fuzzy Hash: b49acd71400ac8357735982f13f4ab1f1f4bfe7f62d4585e0cabc50fe4bf551a
Instruction Fuzzy Hash: D2F03024F1CA8381FB50AB61E872EB5335AAF85F10F544236D97D03FE9EE2D95868604

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B760 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673B778

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673B79D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673B7B4

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B7AD
SSL_connect, xrefs: 00007FFDF673B7A6

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_connect
API String ID: 646154281-2438786244
Opcode ID: 3bd5499aaa58d41400f9e99fc93fb29d062ceac5f2e344cae1a4cc9e6a0bdb75
Instruction ID: c79cb2cc4bd38f21bb085c7dd4601237fd75cd77bff57cc2e7d3da1c76a3c6d0
Opcode Fuzzy Hash: 3bd5499aaa58d41400f9e99fc93fb29d062ceac5f2e344cae1a4cc9e6a0bdb75
Instruction Fuzzy Hash: D9F03024F1CA83C1EB50AB61E872EB53359AF91F10F504236D96D03FE8EE2CA5868600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6739770 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF6739788

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF67397AD
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF67397C4

Strings

EVP_PKEY_new, xrefs: 00007FFDF67397B6
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF67397BD

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: EVP_PKEY_new$QSslSocket: cannot call unresolved function %s
API String ID: 646154281-74362941
Opcode ID: ec9f0ef880cdbc16332845ac75119c43c122e592b42d49a838ebd94d027eefc8
Instruction ID: 222b4afd4478cd66cb64fdc6a1ec2a4ae9d30fcbe6404e725498e954fe13e045
Opcode Fuzzy Hash: ec9f0ef880cdbc16332845ac75119c43c122e592b42d49a838ebd94d027eefc8
Instruction Fuzzy Hash: 84F03014F1CA8381EB11AF61E831DB53399AF85F10F504232C96D07FE9FE2D95868600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673D7C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742231,?,?,?,00007FFDF672CAE6), ref: 00007FFDF673D7D8

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742231,?,?,?,00007FFDF672CAE6), ref: 00007FFDF673D7FD
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF6742231,?,?,?,00007FFDF672CAE6), ref: 00007FFDF673D814

Strings

QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673D80D
d2i_DHparams, xrefs: 00007FFDF673D806

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$d2i_DHparams
API String ID: 646154281-3362144670
Opcode ID: 1a0d7d29c32929e0fc84aa9290b5012047e7eeef7d5a8cfab4be1567aa5960f0
Instruction ID: 43c77c4306137bf47f07e746e6495cd9ffab2f4b33771623bb1091e450df775a
Opcode Fuzzy Hash: 1a0d7d29c32929e0fc84aa9290b5012047e7eeef7d5a8cfab4be1567aa5960f0
Instruction Fuzzy Hash: 51F03014F1CA4381EB50AB61E871DB53399AF85F00F505232C96D02FA9EE2CE58A8A40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF673B7D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26windowCOMMON

Download Yara Rule

APIs

?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFDF673B7E8

Part of subcall function 00007FFDF6727C90: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFDF673D0D5,?,?,?,?,?,?,?,?,?,?,00007FFDF67428DA), ref: 00007FFDF6727CEC
Part of subcall function 00007FFDF6727C90: _Init_thread_footer.LIBCMT ref: 00007FFDF6727D05

??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFDF673B80D
?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFDF673B824

Strings

SSL_ctrl, xrefs: 00007FFDF673B816
QSslSocket: cannot call unresolved function %s, xrefs: 00007FFDF673B81D

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
String ID: QSslSocket: cannot call unresolved function %s$SSL_ctrl
API String ID: 646154281-3177806278
Opcode ID: 5e9ebf072326d9fcb767376bb91d501f92028ec773628c35f26ab0ec5bf1624a
Instruction ID: d77c75bdf61d371168c23a4b61ad12d29c8350ea170572786931c8007d87a640
Opcode Fuzzy Hash: 5e9ebf072326d9fcb767376bb91d501f92028ec773628c35f26ab0ec5bf1624a
Instruction Fuzzy Hash: 54F09614F28A43C1EB409B21E831DB53359AF41F10F404231C56D03FE8EE2DD58A8640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D95320 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 249COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D953E2

Part of subcall function 00007FFDF5D956C0: memcpy.VCRUNTIME140 ref: 00007FFDF5D957FC

memset.VCRUNTIME140 ref: 00007FFDF5D95629

Strings

WEBP, xrefs: 00007FFDF5D95542
VP8L, xrefs: 00007FFDF5D95549
RIFF, xrefs: 00007FFDF5D9553B

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memset$memcpy
String ID: RIFF$VP8L$WEBP
API String ID: 368790112-2152065085
Opcode ID: c98bb87acb19021eb130a0770900102a1ce0f68bed675091136fedb3a620d3e3
Instruction ID: 8f12eb9a7cfdafc524b7a8f3bcfd51971929e7056073e64c6493f3c25ff5955d
Opcode Fuzzy Hash: c98bb87acb19021eb130a0770900102a1ce0f68bed675091136fedb3a620d3e3
Instruction Fuzzy Hash: 47A18D72B0A6898AE714DF61D8607AD37A1EF46B88F444035DE1E97B8DDE38E905C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6715820 Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF6715835
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF6715847
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158AD
?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158CA
?deleteLater@QObject@@QEAAXXZ.QT5CORE(?,?,?,00007FFDF67152E8,?,?,?,00007FFDF66A3D69), ref: 00007FFDF67158EC

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?dispose@Data@1@@$?begin@?delete?end@Later@Object@@
String ID:
API String ID: 3538899828-0
Opcode ID: 55a490ad505929420c2a155480f315e1727e8a8008690ca307e03405abe32e02
Instruction ID: 747d01d0bcae3d2bbab4d52ee57791445ee434133ed765537e70631cb41d5eac
Opcode Fuzzy Hash: 55a490ad505929420c2a155480f315e1727e8a8008690ca307e03405abe32e02
Instruction Fuzzy Hash: 71311032B05A4597FB658B69E86076973E4EB44B54F184136CB6E83FE4DF3CD8868700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6701780 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF67008C4,?,?,preconnect-https,00007FFDF66E23DA), ref: 00007FFDF67017C3
??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFDF67008C4,?,?,preconnect-https,00007FFDF66E23DA), ref: 00007FFDF67017D1
??0QSharedData@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF67008C4,?,?,preconnect-https,00007FFDF66E23DA), ref: 00007FFDF67017FA
??0QBasicMutex@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF67008C4,?,?,preconnect-https,00007FFDF66E23DA), ref: 00007FFDF6701804
??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF67008C4,?,?,preconnect-https,00007FFDF66E23DA), ref: 00007FFDF670183C

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@SharedUrl@@$BasicMutex@@V0@@malloc
String ID:
API String ID: 494146124-0
Opcode ID: a9df2a07026b2a0657b2e06d6141e4eb58c9ff08d65b36ed02a9b04c3a248feb
Instruction ID: 77e3697671d8cef7a11df4b34136e3c4245b3d5e8b91cf185dac509727e71e11
Opcode Fuzzy Hash: a9df2a07026b2a0657b2e06d6141e4eb58c9ff08d65b36ed02a9b04c3a248feb
Instruction Fuzzy Hash: 4B316932B096428AEB14DF55E47066973A4EB44B94F088039DB6E43FD8EF3CE952C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67034B0 Relevance: 7.6, APIs: 5, Instructions: 65timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703769
Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF670377A
Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703784
Part of subcall function 00007FFDF6703760: ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703796
Part of subcall function 00007FFDF6703760: ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF67037A0

??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF67034F7
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF670350F
??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6703522
??4QDateTime@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6703542
??4QDateTime@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFDF6703555

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$V0@@$DateTime@@$malloc
String ID:
API String ID: 3964370747-0
Opcode ID: 736984523568c381f090e0e289ed52e0ba5e6d715d16004edf59b37252454acd
Instruction ID: db8492bf85e2af193b35e8760f1e79209e15a14e8cfe8112a2e2b0c388a3404b
Opcode Fuzzy Hash: 736984523568c381f090e0e289ed52e0ba5e6d715d16004edf59b37252454acd
Instruction Fuzzy Hash: CD313C26708BE089DB40CB5AE4A4529BB78F799B94F168066DFDD43B5ACE38C092C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D4B0A0 Relevance: 7.6, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B0CB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B0D4

Part of subcall function 00007FFDF5D97160: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000098,00007FFDF5D4B0EB,?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D97170

memset.VCRUNTIME140(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B0FD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B106
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B125
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDF5D4B4C0), ref: 00007FFDF5D4B14E

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: free$memset
String ID:
API String ID: 2717317152-0
Opcode ID: 361219c9071bef26e3eb2c497ef19fa60b0e6f648a5828a4905808d4e931e281
Instruction ID: 47294231388e6b48799b7cbcdc3c01f5a135b18d8af3619053a7e20e84e44cd5
Opcode Fuzzy Hash: 361219c9071bef26e3eb2c497ef19fa60b0e6f648a5828a4905808d4e931e281
Instruction Fuzzy Hash: B5218132B16A8996DB48DF22D9517ED7360FB85F48F480035DB6D0368ADF34E8A1C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6699830 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66987D0,?,?,?,?,?,?,00000000,00007FFDF669A47C), ref: 00007FFDF6699858
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFDF66987D0,?,?,?,?,?,?,00000000,00007FFDF669A47C), ref: 00007FFDF6699864
?size@QListData@@QEBAHXZ.QT5CORE(?,?,00000000,00007FFDF66987D0,?,?,?,?,?,?,00000000,00007FFDF669A47C), ref: 00007FFDF669988D
??0QEvent@@QEAA@W4Type@0@@Z.QT5CORE(?,?,00000000,00007FFDF66987D0,?,?,?,?,?,?,00000000,00007FFDF669A47C), ref: 00007FFDF66998AB
?postEvent@QCoreApplication@@SAXPEAVQObject@@PEAVQEvent@@H@Z.QT5CORE(?,?,00000000,00007FFDF66987D0,?,?,?,?,?,?,00000000,00007FFDF669A47C), ref: 00007FFDF66998C4

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$Event@@$?begin@?end@?post?size@Application@@CoreEvent@Object@@Type@0@@
String ID:
API String ID: 1072224609-0
Opcode ID: 769dd6c88e0b9c25c6dbbae4db539726ef5460109e312a6c91f1227082783e21
Instruction ID: a904bc37c78beb4804ac7dcbe07afae4ef147501939b37965fa6228a9c56267d
Opcode Fuzzy Hash: 769dd6c88e0b9c25c6dbbae4db539726ef5460109e312a6c91f1227082783e21
Instruction Fuzzy Hash: 06118F32B19A4296EB048B01E8645797368FB89FC4F480575EA5E03F9DDF3CD882CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6703830 Relevance: 7.5, APIs: 5, Instructions: 44timeCOMMON

Download Yara Rule

APIs

??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF670388C
??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF6703896
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67038A0
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67038AA
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67038B3

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703769
Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF670377A
Part of subcall function 00007FFDF6703760: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703784
Part of subcall function 00007FFDF6703760: ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703796
Part of subcall function 00007FFDF6703760: ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF67037A0

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$DateTime@@$malloc
String ID:
API String ID: 3822018753-0
Opcode ID: 0a9aeea5e2b5aa2aa0bf0411b2adad507fffa7a4d76f610647324bf13d9c30da
Instruction ID: 09560b8b563af46ec83b5b01aa1db0f7b606aa41f0427678004708148cfff4bb
Opcode Fuzzy Hash: 0a9aeea5e2b5aa2aa0bf0411b2adad507fffa7a4d76f610647324bf13d9c30da
Instruction Fuzzy Hash: 03112B22B08A4691EB04DB16E6B47287365FB44B94F084170DA2D47ED9DF3CE8D6C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D417D0 Relevance: 7.5, APIs: 5, Instructions: 39COMMON

Download Yara Rule

APIs

?device@QImageIOHandler@@QEBAPEAVQIODevice@@XZ.QT5GUI(?,?,00000000,00007FFDF5D419CD), ref: 00007FFDF5D417F2
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ.QT5CORE(?,?,00000000,00007FFDF5D419CD), ref: 00007FFDF5D41800
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,00007FFDF5D419CD), ref: 00007FFDF5D4180D
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFDF5D419CD), ref: 00007FFDF5D41818
?constData@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,00000000,00007FFDF5D419CD), ref: 00007FFDF5D41822

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$Device@@$?const?device@?readAll@Data@Handler@@ImageV0@$$V0@@
String ID:
API String ID: 14243995-0
Opcode ID: 5b94255f5ac245ff9501521cf51722e8e3ed053d93535ef80b7488d019647efa
Instruction ID: 948a7f5a078cc807b891919711cc405b7d6145e674aec3a6407a104224e551d5
Opcode Fuzzy Hash: 5b94255f5ac245ff9501521cf51722e8e3ed053d93535ef80b7488d019647efa
Instruction Fuzzy Hash: F7016136B1AA4583DB10AB21F8507AEB3A0FB44B44F445031DB9E47BA8DF3CE586C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FF7E0 Relevance: 7.5, APIs: 5, Instructions: 32COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFDF66FF806
??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FF818
??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66FF829
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FF83A
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FF84B

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$Array@@ByteV0@@$A@$$
String ID:
API String ID: 101242672-0
Opcode ID: 6a60991c38404d20dc76e4393af336ee2f79ee035afaebd938658c59fef5e0f3
Instruction ID: 6af4f1df38e37ed9a7807e3aeafb0936a352baf68d675af9cf80dea08fa17b8b
Opcode Fuzzy Hash: 6a60991c38404d20dc76e4393af336ee2f79ee035afaebd938658c59fef5e0f3
Instruction Fuzzy Hash: 13018B62B1C94196EB40CB15E874B2A6324BF84B80F584170E96E02AECEF7CD8858B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66A96BF Relevance: 7.5, APIs: 5, Instructions: 29timeCOMMON

Download Yara Rule

APIs

?isOpen@QIODevice@@QEBA_NXZ.QT5CORE ref: 00007FFDF66A96D9
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFDF66A96EB
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFDF66A96F8
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF66A9702
?clear@QByteArray@@QEAAXXZ.QT5CORE ref: 00007FFDF66A9722

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@Byte$Device@@$?clear@?readAll@DateOpen@Time@@V0@$$V0@@
String ID:
API String ID: 3340490329-0
Opcode ID: 227e25864e1b31cf92d735a1051a26fc8270dc2227c0a65d653a76de2dbbfc98
Instruction ID: d068b231bd047b87fccedfddc72abe45aa8c649094fd62adc61d1444dbe4a17e
Opcode Fuzzy Hash: 227e25864e1b31cf92d735a1051a26fc8270dc2227c0a65d653a76de2dbbfc98
Instruction Fuzzy Hash: 04014022B24A6297FB10CF21D864AAC3778FB00B44F500175DA1E47E99EF28E565C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67037C0 Relevance: 7.5, APIs: 5, Instructions: 25timeCOMMON

Download Yara Rule

APIs

??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF67037DD
??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF67037E7
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67037F1
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF67037FB
??1QString@@QEAA@XZ.QT5CORE ref: 00007FFDF6703804

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$DateTime@@
String ID:
API String ID: 1669668222-0
Opcode ID: f466ca9cdad7fb8002baf08e77b92c2899f486ee04730045aeedca42c327fe69
Instruction ID: 7ca23cd3ecba56e189de9ca5b17dfcea15d79a2aa2809c3621ffca96554a9de1
Opcode Fuzzy Hash: f466ca9cdad7fb8002baf08e77b92c2899f486ee04730045aeedca42c327fe69
Instruction Fuzzy Hash: D1F01D62F08907D2EB04DF21E8745783328EF54B19B480170CA2E02AE8EF2CD9DBC394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6703760 Relevance: 7.5, APIs: 5, Instructions: 20timeCOMMON

Download Yara Rule

APIs

??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703769
??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF670377A
??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703784
??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF6703796
??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6703473), ref: 00007FFDF67037A0

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$DateTime@@
String ID:
API String ID: 1669668222-0
Opcode ID: 5faad8ac852ff5419c791b04024e571638a371d6cc9e22ff56938da3e4eb9ec8
Instruction ID: b369115504c1f1dc37cbaaa938744181b79332100ef35c594bfd26187a68416f
Opcode Fuzzy Hash: 5faad8ac852ff5419c791b04024e571638a371d6cc9e22ff56938da3e4eb9ec8
Instruction Fuzzy Hash: 25F0126261460A86DB449F60D4647683334FB58F0DF501164C91D42698EFB8D8CAC784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D41310 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??0QImageIOHandler@@QEAA@XZ.QT5GUI(?,?,?,00007FFDF5D41127), ref: 00007FFDF5D4131D
?invalidate@QColor@@AEAAXXZ.QT5GUI(?,?,?,00007FFDF5D41127), ref: 00007FFDF5D41355
??0QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF5D41127), ref: 00007FFDF5D4135F

Strings

K, xrefs: 00007FFDF5D41323

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: ?invalidate@Array@@ByteColor@@Handler@@Image
String ID: K
API String ID: 468397674-856455061
Opcode ID: 18d9dc8137f5a710cff19be3bf150b2a9e7d63ba66e2a740790b6d8804f66728
Instruction ID: 7e08fb7445563e8b1895eff71f3bba57464d129b1fb567857be18fd83bc5f817
Opcode Fuzzy Hash: 18d9dc8137f5a710cff19be3bf150b2a9e7d63ba66e2a740790b6d8804f66728
Instruction Fuzzy Hash: 8D010032606F0586D7909F35E99076873E8FB49B48F504234CA9C833A8EF38D4A9C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67236DF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF67236E9
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::ServerNotFoundError, xrefs: 00007FFDF67236DF

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::ServerNotFoundError
API String ID: 1532547931-2843305452
Opcode ID: 3fe1b042094a68d710f156d7fe00184ad53ba7384a1d255f7187785d2a50f38b
Instruction ID: f4ea2412bcadbb042fa8238ac69fbf01d71b2f0f501aa1c5fa1c68652dd80333
Opcode Fuzzy Hash: 3fe1b042094a68d710f156d7fe00184ad53ba7384a1d255f7187785d2a50f38b
Instruction Fuzzy Hash: 80E0E536B08A4281DB049F16F9604283338FB88B95B041071DE6E03FA8EF3CE851CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67236F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF67236FE
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::SocketAccessError, xrefs: 00007FFDF67236F4

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::SocketAccessError
API String ID: 1532547931-2124978009
Opcode ID: cd526fb638bced1c9c679d991b2593d65835a7533fc0a0a380f78ccddc979093
Instruction ID: 249b92fa552f5d87223f5850b4772ee5ab834f216350342e1ae9b10947df9086
Opcode Fuzzy Hash: cd526fb638bced1c9c679d991b2593d65835a7533fc0a0a380f78ccddc979093
Instruction Fuzzy Hash: 4EE0ED36B09A4281DB045F15F9604283334FB48B95B041072DE5E03FA8DF3CE851C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723709 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6723713
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::SocketResourceError, xrefs: 00007FFDF6723709

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::SocketResourceError
API String ID: 1532547931-4227693670
Opcode ID: c35393e0936a6050e0144a0c40a678c433dd0a2a08fa58009982d4ab5469a229
Instruction ID: e508466e5e1229da8c87d86ab801bde8dc33a390e950d06fe34cb628edb766c8
Opcode Fuzzy Hash: c35393e0936a6050e0144a0c40a678c433dd0a2a08fa58009982d4ab5469a229
Instruction Fuzzy Hash: E3E0E536B19A4281DB049F16F9604283338FB88B95B441072DE6E03FA8EF3CE895CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672371E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6723728
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::SocketTimeoutError, xrefs: 00007FFDF672371E

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::SocketTimeoutError
API String ID: 1532547931-1768731006
Opcode ID: 881ca1811530087f429e2ac53fac4a1cfd9be2a79bb077d33e05d586b514f859
Instruction ID: 994677e70e37e365e67443019ec5b9bbcb3184ecad9e0fbd2e05a907a6872d01
Opcode Fuzzy Hash: 881ca1811530087f429e2ac53fac4a1cfd9be2a79bb077d33e05d586b514f859
Instruction Fuzzy Hash: 23E0E536B09A42C1DB049F16F9604283338FB88B95B041071DE6E03FA8EF3CE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723730 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF672373A
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::DatagramTooLargeError, xrefs: 00007FFDF6723730

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::DatagramTooLargeError
API String ID: 1532547931-904559475
Opcode ID: 554e396312bc00a8d2a066d3040096d8b589346c951b0aa7e8d7bc8c8eb3ebc9
Instruction ID: 553e4eca0874dde6a7d26b4b261caf0969358eaa318d2117c60fa2fa1b231e08
Opcode Fuzzy Hash: 554e396312bc00a8d2a066d3040096d8b589346c951b0aa7e8d7bc8c8eb3ebc9
Instruction Fuzzy Hash: 5DE0ED36B09A4281DB045F15F9604283334FB48B95B041071DE5E03FA8DF3CE851C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723742 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF672374C
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::ConnectionError, xrefs: 00007FFDF6723742

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::ConnectionError
API String ID: 1532547931-2889533582
Opcode ID: d0522511d657bfa92eddf7b77e0ada528f0f97815a90f9d432cacd20f8613f9c
Instruction ID: 136bb081fe22d824a5840b1f8a88a9ba8e24e42045417da97d633fb307f1a485
Opcode Fuzzy Hash: d0522511d657bfa92eddf7b77e0ada528f0f97815a90f9d432cacd20f8613f9c
Instruction Fuzzy Hash: CFE0E536B08A4282DB049F16F9604283338FB88B95B041071DE6E03FACEF3CE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723754 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF672375E
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::UnsupportedSocketOperationError, xrefs: 00007FFDF6723754

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::UnsupportedSocketOperationError
API String ID: 1532547931-2568171267
Opcode ID: 800f3e671b680b7ba99e38336f92feb84ad519a16347489046a607e7a7a58c9d
Instruction ID: 72d13b646262aafd287981c450da6cd4bb9060e602e1f8a3d227f864110b417c
Opcode Fuzzy Hash: 800f3e671b680b7ba99e38336f92feb84ad519a16347489046a607e7a7a58c9d
Instruction Fuzzy Hash: 79E0E536B08A4281DB049F16F9604283338FB88B95B081071DE6E03FA8EF3CE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67236B5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF67236BF
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::ConnectionRefusedError, xrefs: 00007FFDF67236B5

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::ConnectionRefusedError
API String ID: 1532547931-1615569452
Opcode ID: 8e9d564d3b695891a33e6eb636042c68ed20f7d92a6071d5c8634eddf0e0bb3d
Instruction ID: c3bdf2ecc511640712f154e7603b0937172a51a4f8c2f9642b92cfe630d02851
Opcode Fuzzy Hash: 8e9d564d3b695891a33e6eb636042c68ed20f7d92a6071d5c8634eddf0e0bb3d
Instruction Fuzzy Hash: E3E0E536B08A4281DB049F16F9604283338FB88B95B041072DE6E03FA8DF3CE891CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF67236CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF67236D4
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::PeerClosedError, xrefs: 00007FFDF67236CA

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::PeerClosedError
API String ID: 1532547931-2632870787
Opcode ID: abe1c16a035c159362bd12a7f0b10eb257045c9e7db2f807b5399fbfa5678a2f
Instruction ID: 7060efee384a6dbc62f9b35ffdc9ef688501f35b25dbf57f45be68d8c9264cb9
Opcode Fuzzy Hash: abe1c16a035c159362bd12a7f0b10eb257045c9e7db2f807b5399fbfa5678a2f
Instruction Fuzzy Hash: 4EE0ED36B08A4281DB045F15F9605283338FB84B95B081071DE6E03FA8DF3CE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6723766 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFDF6723770
??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFDF67237AC
??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFDF67237B5

Strings

QLocalSocket::UnknownSocketError, xrefs: 00007FFDF6723766

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Debug@@$DebugSaver@@State
String ID: QLocalSocket::UnknownSocketError
API String ID: 1532547931-1870636887
Opcode ID: ad141025673820426cf319ca15e6b9767988ccbaa331019b693112a74be34c14
Instruction ID: ac73ca9686e2693f7d74149d2d5f965202e4d6d089db3a9569b42bf1935614ef
Opcode Fuzzy Hash: ad141025673820426cf319ca15e6b9767988ccbaa331019b693112a74be34c14
Instruction Fuzzy Hash: 97E0E536B08A4281DB049F16F9704283378FB88B95B041071DE6E03FA8DF3CE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66AB830 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFDF66AB860
??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFDF66AB86B

Strings

1deleteLater(), xrefs: 00007FFDF66AB842
2done(bool), xrefs: 00007FFDF66AB854

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Object@@$Connection@Meta$?connect@ConnectionQt@@@Type@
String ID: 1deleteLater()$2done(bool)
API String ID: 1047475738-2265470634
Opcode ID: 0d55d5aa8d7452f886c91f3ac6dcb1cf1a80eea570fc60f814b615e37661c4ab
Instruction ID: 86469e01a9d1f51bba020635a8915aa0f8c369170ac8742a48812ebdf452c138
Opcode Fuzzy Hash: 0d55d5aa8d7452f886c91f3ac6dcb1cf1a80eea570fc60f814b615e37661c4ab
Instruction Fuzzy Hash: 4FE01265718A4691EB10CF10E8745F97378F758B48F940172DA6D43EA8EF3CD64AC740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D956C0 Relevance: 6.6, APIs: 5, Instructions: 347COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDF5D957FC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D959FC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D95A0C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D95A47
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D95A57

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: free$memcpy
String ID:
API String ID: 4107583993-0
Opcode ID: 2fcc2c4a9815474cc1288ae06698a78654ec5c1e1770f20be0a1f1bb5b523614
Instruction ID: 057205164d72845656eeb95f39b36e9f17b5cff47fb0b95c9e6549cbd8a2f983
Opcode Fuzzy Hash: 2fcc2c4a9815474cc1288ae06698a78654ec5c1e1770f20be0a1f1bb5b523614
Instruction Fuzzy Hash: 2902AD62B1AB8982E710CF28D9547AC33A0FB59B8CF049235DF9D5369AEF34E595C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D7D650 Relevance: 6.3, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF5D7D33F), ref: 00007FFDF5D7D672
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF5D7D33F), ref: 00007FFDF5D7D67B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF5D7D33F), ref: 00007FFDF5D7D6A5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF5D7D33F), ref: 00007FFDF5D7D6E5
memset.VCRUNTIME140 ref: 00007FFDF5D7D708

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: free$memset
String ID:
API String ID: 2717317152-0
Opcode ID: b631ad133b217f50f1a8edd4504272af646ae85f8ec341c4be10219a48afd1ab
Instruction ID: 048f9420fbb24031db1e0424e0210abf8619f4549edc7537ae3af35904eb0342
Opcode Fuzzy Hash: b631ad133b217f50f1a8edd4504272af646ae85f8ec341c4be10219a48afd1ab
Instruction Fuzzy Hash: 39114F22B1B64A40EF48EB21E920BBD1261EF85F98F445135D96E17ACDCF38D4478354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D433D0 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 249COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDF5D4377E
memcpy.VCRUNTIME140 ref: 00007FFDF5D437A1
memcpy.VCRUNTIME140 ref: 00007FFDF5D437C4

Strings

Could not decode alpha data., xrefs: 00007FFDF5D4367A

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: memcpy
String ID: Could not decode alpha data.
API String ID: 3510742995-3483007141
Opcode ID: 2ba7a767d766882508268c17835d19008bff8bef58bd53ff45eb77baaa3e2de5
Instruction ID: 407ec115d705e14252fc25fa82169bc57fdd100e399f9ffc01be3699e4c04e4f
Opcode Fuzzy Hash: 2ba7a767d766882508268c17835d19008bff8bef58bd53ff45eb77baaa3e2de5
Instruction Fuzzy Hash: 3EB1AC72715AC58ADB74CF29D891BAD77A5FB88B88F104025DE4D4BB89DF38D680CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66EF4B0 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66EF4CD
?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66EF4E0
?unlock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFDF66EF4F4
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE ref: 00007FFDF66EF597

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Mutex@@$?lock@?unlock@$Locker@@Mutex
String ID:
API String ID: 3061340097-0
Opcode ID: a56d5f302760f45f6953604bea418ed017b01396de31368c5c703d9306e617f8
Instruction ID: 6cad37fd02fa0eeb1305651a49da58eed4fe575fff88edf5c0ce9b92f89ef239
Opcode Fuzzy Hash: a56d5f302760f45f6953604bea418ed017b01396de31368c5c703d9306e617f8
Instruction Fuzzy Hash: 37319932B08A4587EF00DB29D4A077977A5EFA4B98F148471DA2E43ED9EF3DD8458B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FB660 Relevance: 6.1, APIs: 4, Instructions: 82timeCOMMON

Download Yara Rule

APIs

?lock@QMutex@@QEAAXXZ.QT5CORE(00000000,?,?,00007FFDF66FBD01), ref: 00007FFDF66FB689

Part of subcall function 00007FFDF66F9FD0: ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66FA01F
Part of subcall function 00007FFDF66F9FD0: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFDF66FA034

?qHash@@YAIAEBVQString@@I@Z.QT5CORE(00000000,?,?,00007FFDF66FBD01), ref: 00007FFDF66FB6B5
?elapsed@QElapsedTimer@@QEBA_JXZ.QT5CORE(00000000,?,?,00007FFDF66FBD01), ref: 00007FFDF66FB73A
?unlock@QMutexLocker@@QEAAXXZ.QT5CORE(00000000,?,?,00007FFDF66FBD01), ref: 00007FFDF66FB76F

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: String@@$?elapsed@?lock@?unlock@ElapsedHash@@Latin1Locker@@MutexMutex@@String@@@Timer@@
String ID:
API String ID: 155392960-0
Opcode ID: 8a107e587f5fd681ae9d3184c528ac83be2bfb5e009a7f9314a33009c1378b62
Instruction ID: e642019651709ec1855f43c52a8ce0e83f32905d9e4da35e3b8afea1b166de51
Opcode Fuzzy Hash: 8a107e587f5fd681ae9d3184c528ac83be2bfb5e009a7f9314a33009c1378b62
Instruction Fuzzy Hash: 71317076708B8081EB14DF25E460A2873A8FB59F84F144175DA6C4BB99EF39D892CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66FF6E0 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FF711
?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFDF66FF71F
?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FF72B
?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFDF66FF737

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Data@@List$?begin@$?detach@?end@Data@1@
String ID:
API String ID: 2291827984-0
Opcode ID: 873194aa351902bc65598cddfaa6585dd4721c7d9ab2f15747326d197b864ad3
Instruction ID: a951fbbacbefd3e27e5333a668efb65727a4a7f7b1a4882ee923f02fbe347d1d
Opcode Fuzzy Hash: 873194aa351902bc65598cddfaa6585dd4721c7d9ab2f15747326d197b864ad3
Instruction Fuzzy Hash: 0E117536B1864686DB109F25B454569B7A4FB45FD0F584171DA7D03FDCEE3CE8428B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF6729770 Relevance: 6.0, APIs: 4, Instructions: 46timeCOMMON

Download Yara Rule

APIs

??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF67297C4
??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFDF67297CE
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67297EA
??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFDF67297F4

Part of subcall function 00007FFDF673D210: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF672876D,?,?,?,00007FFDF672A3DC), ref: 00007FFDF673D228
Part of subcall function 00007FFDF673D210: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF672876D,?,?,?,00007FFDF672A3DC), ref: 00007FFDF673D24D
Part of subcall function 00007FFDF673D210: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFDF672876D,?,?,?,00007FFDF672A3DC), ref: 00007FFDF673D264

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteDateLogger@@MessageTime@@$?warning@Category@@Enabled@H00@LoggingWarning
String ID:
API String ID: 1974625209-0
Opcode ID: 79acbd7d06209fd8e8642b3c3a106aca683d16b49e50c636771dee03c54fd5e6
Instruction ID: 10f21cb19792af161bdf49212f2100cb90b5bebd34e25df84b801f4e9bdcafa1
Opcode Fuzzy Hash: 79acbd7d06209fd8e8642b3c3a106aca683d16b49e50c636771dee03c54fd5e6
Instruction Fuzzy Hash: A8116322B1894292EB54DF21DA7497C7365FF50B54B480531DA2E43DD9DF2CE8A6C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672F6A0 Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDF6759290: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDF668328F), ref: 00007FFDF67592AA

??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6747A85,?,?,?,00007FFDF674BE72), ref: 00007FFDF672F6BF
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6747A85,?,?,?,00007FFDF674BE72), ref: 00007FFDF672F6D9
??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6747A85,?,?,?,00007FFDF674BE72), ref: 00007FFDF672F6F0
??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFDF6747A85,?,?,?,00007FFDF674BE72), ref: 00007FFDF672F723

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Array@@ByteString@@$malloc
String ID:
API String ID: 2645771327-0
Opcode ID: 9b3b0cca0971da09879ea9678a2fbf8f940a53c8daadb6b6dcfbacdf83ab5dbc
Instruction ID: 3e012bae0e745594b6fdd5dc2a2804aecf1984dc260aff72e507d4adff54215e
Opcode Fuzzy Hash: 9b3b0cca0971da09879ea9678a2fbf8f940a53c8daadb6b6dcfbacdf83ab5dbc
Instruction Fuzzy Hash: 00015B36728A4181EB40DF25E0B49AA7324EF88B80F845031EA5E07F9DEF3CC884CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF60D060E50 Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00007FF60D060E6F
?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00007FF60D060E90
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF60D060EA7

Memory Dump Source

Source File: 0000000F.00000002.3088052427.00007FF60CFC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF60CFC0000, based on PE: true

Associated: 0000000F.00000002.3088035517.00007FF60CFC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088110305.00007FF60D086000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088157309.00007FF60D101000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088175807.00007FF60D104000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088193777.00007FF60D108000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000F.00000002.3088211068.00007FF60D10B000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff60cfc0000_SRTMiniServer.jbxd

Similarity

API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2582267257-0
Opcode ID: b1ca0942c2911be35d6154a8b21df9a8af32e51ee33c823be6bd33c98ec84f3c
Instruction ID: 34d05a56d8d1ccd2ee3ca375c98de87d1f3cb5582b1aa802198cecc6fde11043
Opcode Fuzzy Hash: b1ca0942c2911be35d6154a8b21df9a8af32e51ee33c823be6bd33c98ec84f3c
Instruction Fuzzy Hash: D001A470F4AA13A1ED58EB60945937C12E0AF54BA4FA00B34D15F813D4FF6D60DA8219

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672D6A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,000000010000000E,00007FFDF672DBFA), ref: 00007FFDF672D6D6
_Init_thread_footer.LIBCMT ref: 00007FFDF672D766

Strings

Y-----, xrefs: 00007FFDF672D6FA

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
String ID: Y-----
API String ID: 4174580304-2754263011
Opcode ID: 68b37fdf30fc36a3f5e155693fcbbd277c96f3f36f1e265bb193d2bd29505ce3
Instruction ID: fb33328866885547867c7c37e89ecc9832c8ac2231c83b825499c89eb165e43a
Opcode Fuzzy Hash: 68b37fdf30fc36a3f5e155693fcbbd277c96f3f36f1e265bb193d2bd29505ce3
Instruction Fuzzy Hash: E911E765F1CA4789F7108F26B870A783368AB58751F485235D97D07EEDDF3CA9858B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672D830 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,00000000,00007FFDF672DCF6), ref: 00007FFDF672D866
_Init_thread_footer.LIBCMT ref: 00007FFDF672D8E7

Strings

-----, xrefs: 00007FFDF672D88A

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
String ID: -----
API String ID: 4174580304-4165711970
Opcode ID: 1c9ef6911fb7b8959b3349f9b246879a7f4943c098c523a04c8e389f7df192a1
Instruction ID: 04016792e79ec29d4c634e4b5d460683ae4f7dd71be8800081a4e5da35c5df6e
Opcode Fuzzy Hash: 1c9ef6911fb7b8959b3349f9b246879a7f4943c098c523a04c8e389f7df192a1
Instruction Fuzzy Hash: 7611E264F0CA8689FB008B26B874A743368AB58310F496235C93C07EEDDF3C7984CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF672D770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,?,00007FFDF672E4EC), ref: 00007FFDF672D7A6
_Init_thread_footer.LIBCMT ref: 00007FFDF672D819

Strings

.5.13, xrefs: 00007FFDF672D7CA

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
String ID: .5.13
API String ID: 4174580304-880305061
Opcode ID: 0aa5c8ec51e34536f710a7f19ae0667605e8a5c470747c1de8499884bf89720f
Instruction ID: 02324c675e7a5670d97d19809a37c0c7f524e2943da6525c0bcb3eb3973b6a1a
Opcode Fuzzy Hash: 0aa5c8ec51e34536f710a7f19ae0667605e8a5c470747c1de8499884bf89720f
Instruction Fuzzy Hash: 351106A1F0EA4281FB05DF14E870AB43329AB98750F505236D92D46EEEEF3C78858B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B94A6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON

Download Yara Rule

APIs

??4QString@@QEAAAEAV0@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66B950F

Strings

Z, xrefs: 00007FFDF66B94B2
The connection established in response to a CONNECT request was reset or abnormally closed, xrefs: 00007FFDF66B94AB

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Latin1String@@String@@@
String ID: The connection established in response to a CONNECT request was reset or abnormally closed$Z
API String ID: 2468299162-706977911
Opcode ID: 90a97ea561bfd6c1275b09807063e89e7fd26526c00763a80d3e2d92f9278f4b
Instruction ID: 8131f457a1f2a03368683921518a406d39dd296ba6ad89367ee136b6e90c389b
Opcode Fuzzy Hash: 90a97ea561bfd6c1275b09807063e89e7fd26526c00763a80d3e2d92f9278f4b
Instruction Fuzzy Hash: 9EE039A2B08B8089E7018F74D8501AC7B74BB49798B084661CEAC12A59DB78D295C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF66B9495 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

??4QString@@QEAAAEAV0@VQLatin1String@@@Z.QT5CORE ref: 00007FFDF66B950F

Strings

Server is unable to maintain the header compression context for the connection, xrefs: 00007FFDF66B949C
N, xrefs: 00007FFDF66B9495

Memory Dump Source

Source File: 0000000F.00000002.3088902604.00007FFDF6681000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDF6680000, based on PE: true

Associated: 0000000F.00000002.3088882464.00007FFDF6680000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3088973478.00007FFDF675C000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089015329.00007FFDF67AA000.00000004.00000001.01000000.00000017.sdmpDownload File
Associated: 0000000F.00000002.3089035220.00007FFDF67B7000.00000002.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf6680000_SRTMiniServer.jbxd

Similarity

API ID: Latin1String@@String@@@
String ID: N$Server is unable to maintain the header compression context for the connection
API String ID: 2468299162-1635745983
Opcode ID: f97e7ba58474f6741d747e1873e5601515e5e3be74bea702dbea34bf90a69c98
Instruction ID: 52434210571641618aecb973e5678c7063630d1bafa59da0f7631de98a0ff331
Opcode Fuzzy Hash: f97e7ba58474f6741d747e1873e5601515e5e3be74bea702dbea34bf90a69c98
Instruction Fuzzy Hash: 94E0E5B2F04B81C9E7018F65D8505BC7774BB48798F545925CE6C22A98DFB89294C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFDF5D936C0 Relevance: 5.2, APIs: 4, Instructions: 156COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FFDF5D93735
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D938DD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D938E5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDF5D938FA

Memory Dump Source

Source File: 0000000F.00000002.3088255443.00007FFDF5D41000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFDF5D40000, based on PE: true

Associated: 0000000F.00000002.3088239650.00007FFDF5D40000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088295831.00007FFDF5D9D000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088318141.00007FFDF5DB5000.00000004.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DB8000.00000002.00000001.01000000.0000002C.sdmpDownload File
Associated: 0000000F.00000002.3088336034.00007FFDF5DBF000.00000002.00000001.01000000.0000002C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffdf5d40000_SRTMiniServer.jbxd

Similarity

API ID: free$memset
String ID:
API String ID: 2717317152-0
Opcode ID: 1452f9abff354da8d645d3d8651b663263d6f5ecbd0c9ccec8b2074ffc631d5b
Instruction ID: ae8217d5d63b5d56f220e350791dc71d1b4f2a4b1cc73af5055e8e9dcf3b5e0a
Opcode Fuzzy Hash: 1452f9abff354da8d645d3d8651b663263d6f5ecbd0c9ccec8b2074ffc631d5b
Instruction Fuzzy Hash: 58519732B0978586D724DB15B860BAAB7D4FB89B88F444134EE9D43B99DF3CE445CB40

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\SRTMiniServer\Conference.exe

C:\Program Files (x86)\SRTMiniServer\Conference.exe.manifest

C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.dll

C:\Program Files (x86)\SRTMiniServer\CrashRpt1403.lib

C:\Program Files (x86)\SRTMiniServer\CrashSender1403.exe

C:\Program Files (x86)\SRTMiniServer\DLLs\D3DCompiler_43.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\MLProxy.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe

C:\Program Files (x86)\SRTMiniServer\DLLs\MServer.exe.manifest

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.Core.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.FFM.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.GPU.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Codecs.SRT.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.AJA.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.BMD.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.DS.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.NDI.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.Device.SCR.x64.dll

C:\Program Files (x86)\SRTMiniServer\DLLs\Medialooks.MFReader.x64.dll

Windows Analysis Report
https://downloadsnew.garaninapps.com/SRTMiniServer_2.4.3_2024-02-26_INSTALL.exe